Topic: Bitcoin Clipper (Read 519 times)

You are every hacker's dream with the way you use your computer. An operating system that no longer has support and is probably full of security holes like Swiss cheese + obsolete applications + no AV/firewall. Malicious things lurk from any page, a simple click on a seemingly legitimate ad can infect your computer. Since you have nothing to warn you of the danger, malware or virus exists freely on your computer, it harms you, but if it manages to get information about your contacts (e-mail, social networks) then it can spread to them by sending unauthorized messages that look like you sent them.

Are you really sure ?  …: https://thehackernews.com/2019/02/android-clickboard-hijacking.html

There are also plenty of apps to customize the keyboard on mobile devices, that could be logging your keystrokes and sending them to a remote repository. That is another vector of attack that is open to devious plans …

Just remember that you're not going to be lucky every time. These malware are moving from one platform and the other, and I won't be surprised if they managed to get themselves on Android or iOS.

Remember that nobody is going to give anything for free, especially if it's a paid apps in the first place.

Oops! I'm guilty of doing few of these things. I used to go to websites which offers free download of modded apps/games especially knowing that the original version is not free on official stores, I accidentally click internet ads sometimes too. But I haven't seen any suspicious in my smartphone so far. I also don't encounter any problem every time I send funds to my girlfriend, the pasted address match with the real one. Hmm I guess I'm just lucky or maybe there's no availble bitcoin clipper for mobile devices up to this moment lol.

Thank you @pooya87 but am well aware of that too and never connected ay external device to my PC.
I use it mainly to browse the web but don't use any AV or firewall. My guess is that it got infected by exploiting a browser vulnerability as I use an outdated version of Chrome (don't know why it doesn't auto-update) on Windows 7.

What I noticed is that the malware only detects addresses starting with 1 and 3. It doesn't alter native SegWit addresses. So, either the hacker wrote the code before SegWit got implemented or he is a BCH/BSV supporter (kiddidng )

you sometimes don't have to get your PC infected from the internet. sometimes connecting an infected device to your PC can do the same thing. like connecting a USB disk with the malware on it and opening it would simply infect your system.

I found out recently that my PC has been infected with the clipboard hijacker malware for the second time.
I have now idea how or when this happened since I've been very cautious and never downloaded any file from the Net!

What I do is to exclude the first character and copy the rest of the address then, after pasting it, I add the missing character manually. It works for me but I strongly recommend to scan your hardrives and entirely remove the malware.

This topic regarding AV is popping up quite often.
To not repeat myself, i regularly provide shorter or more detailed answers.

Usually, its something along the lines:



I could have at least be more detailed, i agree with you.

AV's will definitely detect known malware which they have in their database (and this database is huge).


But in this case (clipping board malware), it simply won't be detected because:
1) This is extremely simple code which will not be in the database of AV's and
2) Sandboxing and testing by the AV will not trigger any action from the malware since the user first has to manually copy an address. 
3) It won't trigger any behavior analysis, since after all.. it just changes the clipping board. An AV software wouldn't detect that as malicious.





It is not like that very well written malware is impossible to detect, but its almost always possible to circumvent AV measures.

Some things are harder than others. Ransomware, for example.
If a software start to access a huge ton of files and creates a massive amount of files which seem to be random (a.k.a. encrypted files), any AV will stop the process.
This wasn't the case when the first few ransomwares were detected.

It's a race between the AV engines and the malicious actors. The latter ones are always slightly ahead.


If a 13y old script kiddy is playing around with kali linux and metasploit, this malware most likely will always be detected by most reputable AV engines.
But if we look at organized crime (which a lot of dangerous malware is coming from), that's a totally different story.





They aren't.
And that's not what i meant.

It is just that they are useless in this specific case (clipping board hijacking malware) and one shouldn't completely rely on it in terms of "the AV didn't detect anything, so it has to be fine".
It is also worth to be mentioned that AV's have been exploited quite often in the past to run malicious code with administrator privileges.

There are by any means not worthless. But they can not secure a device on its own.

Best think to not use your wallet on a device which you use for browsing the internet and for downloading stuff. I always use a stand alone device for all my cryptocurrency related activities.

I also tend to keep it offline whenver possible . In my opinion it is very hard to distinguished a malware nowadays. Most antiviruses are able to detect it but still you cannot take a chance with your money.

I know your position when it comes to AV, but I don't understand why you persistently promote the idea that they are completely unnecessary and that they will not detect all those viruses/malware that are already in the database of such AV? If we accept your idea that any well-designed malware is impossible to detect, then almost all computer users (especially those using Windows OS) are infected.

You are not an average user and I believe you rely only on common sense and Linux, but there are very few such users if we take into account all those who use the internet today. In some cases I may agree that some AVs (especially the free ones) are not doing their job as they should, but I will never agree that they are completely unnecessary and useless.

Every crypto user should protect themselves, one way or another - some like you are obviously experts at it, others need the help of a good AV that will in most cases detect and block malicious programs.

What? Relax, he is just reminding everyone else to be careful on these kinds of phenomena. There are still some cases in which people who are unaware of this became a victim of clipboard hijacking  

---

The most common examples of acquiring these malware are from downloading email attachment, hacked or modded or unofficial distibution of application (cracked application), clicking internet ads etc.. If you are not keen and careful enough to notice these red flags crawling on the internet, your computer will obviously become a reservoir of malicious software.

Moreover, here are some of the known classification of malicious files that may be infecting your computer if you are not cautious enough.
[1] https://www.virustotal.com/gui/file/f47cee6e222b3a8c0b2e0af1de610ac0ba32f248cb0234ccfaf2d7a1d51d9fd2/detection

Its less a "Bitcoin Clipper" than a clipboard hijacking malware.



AV's won't detect it.




That's actually something you should always do.
And don't download shitty unknown software.

You won't mine 1k$ BTC per hour with this new high-end_miner.exe which is free.

Use your common sense.

Paradoxically though, your personal webpage does point to some sites which conflict the idea of keeping safe. I’m not going to go through them all, but as an example, those sites that you link to that sell your data are things to avoid altogether from a privacy point of view, aside from them being a potential safety hazard. The less stuff installed the better.

Did you read the start post? I see nothing about any suggestion of actually running anything on your machine? He was saying don't install malware on your computer and look out for it by doing things such as running AV.

They are kind of malware which get access of your copy/paste. You don't need to download them directly. They stay on different app, software in disguise. You will be asked to download a necessary software or app for yourself but the malware will be there in disguise and change your copied address into hacker address.

As a user do you want a suspicious file is inside on your computer that can access a lot of your personal information and cryptocurrency wallet? If yes, better to lock this thread and don't give any problem to the other members and back to the forum, you told you to enjoy. We are having a lot of care for every member of the forum that's why they made the main board so the newbies and other members may aware of the things which are not safe to the members.

If you don't want to use this, good. Don't just carry away because of the information you get that you can use the term "hacker" it is not cool if you are stealing of information by others and using the software came from unknown sources that give trouble to the other members.


As this information only gives a lot of doubt to the users because just a simple investment of 1 BTC you will get back an earning of 2 BTC it is impossible its a huge loss to them so stay away on this kind of method earnings.

Dude may I know how fraudsters able to force their victims to download it? Are bitcoin clippers disguised as not a harmful software or can be just hidden within the softwares which can be founded anywhere in the internet?
Really? Well I guess I do not belong on the people you are perraining about . Anyway, it's true somehow because I can still read posts of members here or even outside this forum complaining why their their receivers didn't receive the fund they sent. How sad to know that there are still who forgot or really not double checking btc addresses as if it is not a crucial thing.

Also don't run stuff from people you can't trust. An anonymous source on the Internet can't be detected and shouldn't be trusted. If you check signature legitimacy on other software this also can't happen (and cheap AV is a good idea too).

I have been on some other forums just having fun and talking with people.
Lots of people have been posting bitcoin clippers with their post, and a lot of people download it before the post is taken down and the user banned.
If you don't know what a bitcoin clipper is, let me explain. Basically, when this bitcoin clipper is installed on your computer, everytime you copy/paste a bitcoin address, it will change into that hacker's bitcoin address, and you might send the money to the hacker instead of the person you actually wanted to send to. And since many people don't check their addresses after sending, this clipper is very easy for hackers to use, very effective for them, and very disastrous for those who fall for it.

An easy way of getting rid of this forever is by running a scan on your computer for bitcoin clippers and other viruses by a professional.
Another simply way is just double/triple check your bitcoin address before sending.

Have a great day  and stay safe