Malware indirectly/secretly replacing wallet address values (copy paste or directly typing)

by COINS NEWS 161 Views

So I guess there is a malware on my pc that is secretly replacing the values of crypto addresses when being entered, but different from other clipboard hijacking malware.

This malware doesn't visibly change the text of the address that I paste (or type), the address that I copied is actually entered. But when I would go through with the transaction, it would turn out that the receiving address was different. Somehow it is displaying the correct address in the text field but the actual value is another address. I'm probably explaining this horribly so I've recorded a couple of screen recordings in a text converter website using some random addresses I copied from the block.

This first video is me copying and pasting various bitcoin, ethereum and litecoin addresses

You can see in the video that the address being read is not the address being shown.

This isn't just a copy and paste issue; it also occurs when directly typing the address. Here I manually typed a couple of bitcoin addresses and again, the text being read defaults to the same different address.

I have done a full scan of my PC multiple times but nothing was found, and these videos were recorded after the scans.

Some other details:

  • This is only occurring on Google Chrome, but not on Edge (the only other browser I have installed)
  • This doesn't occur while in incognito mode in Chrome
  • This still occurs after disabling all extensions on Chrome (edit: I am an idiot and I guess I must not have reloaded the browser correctly or missed one by accident, but the culprit did turn out to be an extension, more details in the edit below)
  • This doesn't occur on another device using Chrome on the same profile with the same extensions and settings

I will be doing a clean reinstall of Google Chrome next but I wanted to make this post first.

Has anyone else had this kind of malware experience before? I thought I was being pretty cautious until now, double-, triple-checking that I've entered the wallet address correctly, but I never would have thought for this to be even possible.

update: It turns out I missed disabling an extension when trying to find the cause, as the problem ended up being a third party extension disguised as 'Google Sheets'. The problem disappeared when I disabled and removed this extension. In the directory of the extension were various files I'm assuming to be responsible, containing terms like 'coinbase', 'withdrawal', 'binance', etc. If anyone is interested in reverse engineering these (if even possible) just let me know. I should have caught this much earlier in the process but I guess better late than never, and it is a better outcome than having an untraceable malware deep in my system files.

Thanks to everyone that provided advice and solutions, I really appreciate it

submitted by /u/Phatasaurus
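
A triage check based on what the update describes, added here as an example and not taken from the original post: it lists installed extensions whose script files contain the terms the poster found ('coinbase', 'withdrawal', 'binance'), together with the name each manifest claims. It assumes Chrome's on-disk layout of `<Extensions>/<extension id>/<version>/manifest.json`; the function names, extension ids and sample files are constructed for the demo.

```python
import json, sys, tempfile
from pathlib import Path

# Terms the post reports seeing in the rogue extension's files.
KEYWORDS = ("coinbase", "withdrawal", "binance")

def scan_extensions(root):
    """Return [(ext_id, manifest_name, keyword_hits)] for extensions under root.

    Assumed layout: <root>/<extension id>/<version>/manifest.json
    """
    findings = []
    for manifest in sorted(Path(root).glob("*/*/manifest.json")):
        ext_dir = manifest.parent
        try:
            # The name may be a localisation key (__MSG_...__); it is shown as-is.
            name = json.loads(manifest.read_text(encoding="utf-8-sig")).get("name", "")
        except (OSError, ValueError, AttributeError):
            name = "<unreadable manifest>"
        hits = set()
        for js in ext_dir.rglob("*.js"):
            if js.is_file():
                text = js.read_text(encoding="utf-8", errors="ignore").lower()
                hits.update(k for k in KEYWORDS if k in text)
        if hits:
            findings.append((ext_dir.parent.name, name, sorted(hits)))
    return findings

def build_constructed_sample(root):
    """Write two constructed extensions (made-up ids and code) for the demo."""
    samples = {
        "aaaaconstructedbenign": ("Constructed Notes", "document.title = 'notes';"),
        "bbbbconstructedrogue": ("Google Sheets",
                                 "if (host.includes('binance')) patch(withdrawal);"),
    }
    for ext_id, (name, js) in samples.items():
        d = Path(root) / ext_id / "1.0_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": name}))
        (d / "content.js").write_text(js)

if __name__ == "__main__":
    # Pass the profile's Extensions directory as an argument; with no
    # argument the script runs against the constructed sample instead.
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        build_constructed_sample(root)
    for ext_id, name, hits in scan_extensions(root):
        print(f"{ext_id}  name={name!r}  keywords={hits}")
```

A hit is a lead for manual review, not a verdict: a legitimate wallet or exchange extension would match the same terms, so the useful signal is a match in an extension whose claimed name has no reason to mention exchanges.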