This new malware diverts cryptocurrency payments to attacker-controlled wallets
Clipper malware is a piece of software that, once running on a computer, constantly checks the content of the user's clipboard and looks for cryptocurrency wallets.
This way, if an unsuspecting user uses any interface to send a cryptocurrency payment to a wallet, which is generally done by copying and pasting a legitimate destination wallet, the copied wallet gets replaced by the fraudulent one.
That malware impersonated MetaMask, a popular crypto wallet, and aimed at stealing credentials and private keys to steal Ethereum funds from the victims, in addition to changing the wallets in the clipboard to obtain more cryptocurrency.
Clipper attacks work very well because of the length of cryptocurrency wallets.
Keona Clipper then quietly monitors for any clipboard activity and uses regular expressions to check for any cryptocurrency wallets.
A screen capture from Cyble shows a Bitcoin wallet controlled by the threat actor.
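A defender-side view of the clipboard behaviour described above, as an added example that is not from the article or from Cyble: it scans a log of clipboard samples and flags a wallet address that is replaced by a different address of the same currency within a short interval. The regular expressions are the commonly used address shapes for Bitcoin and Ethereum; the event format, the 2-second window and every sample value are assumptions constructed for illustration.

```python
import re

# Commonly used address shapes for the two currencies the article names.
PATTERNS = {
    "BTC": re.compile(r"(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{39,59})"),
    "ETH": re.compile(r"0x[a-fA-F0-9]{40}"),
}

def classify(text):
    """Return 'BTC' or 'ETH' if the whole clipboard value is one address, else None."""
    candidate = text.strip()
    for coin, pattern in PATTERNS.items():
        if pattern.fullmatch(candidate):
            return coin
    return None

def find_swaps(events, window_s=2.0):
    """Flag address -> different address of the same currency within window_s seconds.

    events: iterable of (timestamp_seconds, clipboard_text), oldest first.
    Assumption: a person rarely copies two different addresses of one currency
    within a couple of seconds, while an automated replacement follows the copy
    almost immediately.
    """
    findings = []
    prev_ts, prev_value, prev_coin = None, None, None
    for ts, text in events:
        value = text.strip()
        coin = classify(value)
        if (coin is not None and coin == prev_coin
                and value != prev_value and ts - prev_ts <= window_s):
            findings.append((ts, coin, prev_value, value))
        prev_ts, prev_value, prev_coin = ts, value, coin
    return findings

# Constructed clipboard samples (not real wallets, not taken from the article).
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "a" * 40),   # user copies the payee's ETH address
    (10.3, "0x" + "b" * 40),   # different ETH address 0.3 s later: flagged
    (50.0, "1" + "A" * 30),    # user copies a BTC address
    (95.0, "1" + "C" * 30),    # another BTC address 45 s later: not flagged
    (96.0, "hello"),
    (96.2, "0x" + "a" * 40),   # plain text -> address is an ordinary copy
]

if __name__ == "__main__":
    for ts, coin, original, replacement in find_swaps(SAMPLE_EVENTS):
        print(f"t={ts}: {coin} address {original} replaced by {replacement}")
```
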