
Topic: How can I get over clip board malware attack? (Read 333 times)

copper member
Activity: 1624
Merit: 1899
Amazon Prime Member #7
Would a hacker really use their time to create clipboard malware for something like greencoin or bluecoin?  How long would that even take?  So owning certain coins would prevent you from clipboard malware then?
A good developer will make any software they create very flexible. So it should be trivial to adjust any malware that is well-written if some new coin became popular.

It is also possible that malware is written in a way such that it does not specifically look for "bitcoin" private keys, but rather looks for what resembles private keys (this might not be specifically relevant to clipboard malware).

I would also make the general statement that if a coin is not popular enough for people to write malware to try to steal, there is a good chance that coin is not very valuable.
legendary
Activity: 2912
Merit: 2066
How long would that even take?
Take existing malware, swap out BTC address detection for *insert coin* address detection, swap out BTC address insertion for *insert coin* address insertion, done. Probably under 2 minutes.

At this point I'd assume that your run-of-the-mill clipboard malware comes with multi-coin support. Once a victim is compromised there's no reason not to check against multiple address formats for whatever coins may be profitable.
legendary
Activity: 2268
Merit: 18509
Would a hacker really use their time to create clipboard malware for something like greencoin or bluecoin?
No one can profess to know the motivation of every person in the world responsible for coding malware, but if there is potential profit to be had, then someone is likely to attempt it. Bear in mind that most shitcoins are just tokens on another blockchain, though, so a piece of malware which swaps Ethereum addresses for example will be able to steal thousands of useless tokens too.

How long would that even take?
Take existing malware, swap out BTC address detection for *insert coin* address detection, swap out BTC address insertion for *insert coin* address insertion, done. Probably under 2 minutes.

So owning certain coins would prevent you from clipboard malware then?
No, checking your addresses properly and having good browsing habits which prevent you from being infected by malware in the first place will protect you from clipboard malware.
full member
Activity: 1736
Merit: 186
Would a hacker really use their time to create clipboard malware for something like greencoin or bluecoin?  How long would that even take?  So owning certain coins would prevent you from clipboard malware then?


legendary
Activity: 2268
Merit: 18509
1. Don't visit website with http link which is not a secured connection, a secured one should be in https format.
There is absolutely no good reason to not have HTTPS Everywhere installed in your browser and running at all times. If you are using Firefox or Tor (which you should be), then you can also just go to Settings -> Privacy & Security and check the box for "Enable HTTPS-Only Mode in all windows". But as DdmrDdmr says, this encrypts your communications with your destination, protecting against interception and man in the middle attacks. If the destination you are connecting to is malicious, then your communication with that malicious site will be encrypted, which offers absolutely no protection to you as the end user. So in short, you should always use HTTPS, but it doesn't guarantee security by any means.

2. Don't make crypto transactions on your PC I find phone to be less prone to malwares

I've stopped running wallets on windows OS pc the risks you go through every day by day is high.
Well, your issue with PCs is a Windows problem rather than a PC problem.

So is it possible for you to copy and paste a btc address ready to send and the clipboard malware changes it... but if you copy and paste a btc address to say notepad or address bar on chrome ... and it doesn't change it?
There's no inherent reason that malware couldn't detect where you are pasting the address and selectively change it based on this information.

Also what if it looks like a btc address but it has much less characters or more characters?   Could the clipboard malware recognize it such as okay this is over 80 characters long... this is not a btc address?
Absolutely.

Also I keep hearing about only btc and eth when it comes to the clip board malware attack.  But what about other coins though?  Imagine you had some coin that is worth little and most people haven't even heard of.  What happens there?
There's nothing stopping someone creating clipboard malware for any coin in existence.
copper member
Activity: 1624
Merit: 1899
Amazon Prime Member #7
Is there a way to test if the clipboard malware attack exist on your pc?
You can try sending a large amount of coin via copying an address and see if the transaction goes to the right place.

It is really not possible to know if you have been infected with malware with absolute certainty.


Quote
But as long as you copy an address that looks like a btc address to say another part on the computer, whether its an address in an exchange, notepad or even google search, as long as it doesn't change it... your computer do not have that clipboard malware? 
No. If you are infected with malware, you cannot trust any output that your computer produces. This includes any displayed information. There is the risk that malware will change what is on your clipboard and will continue to display the address on your monitor but will change what is transmitted to any website.
full member
Activity: 1736
Merit: 186
So is it possible for you to copy and paste a btc address ready to send and the clipboard malware changes it... but if you copy and paste a btc address to say notepad or address bar on chrome ... and it doesn't change it?


Also what if it looks like a btc address but it has much less characters or more characters?   Could the clipboard malware recognize it such as okay this is over 80 characters long... this is not a btc address?


Also I keep hearing about only btc and eth when it comes to the clip board malware attack.  But what about other coins though?  Imagine you had some coin that is worth little and most people haven't even heard of.  What happens there?
legendary
Activity: 2310
Merit: 10758
There are lies, damned lies and statistics. MTwain
1. Don't visit website with http link which is not a secured connection, a secured one should be in https format. <…>
That’s really an often stated misconception. The "s" (secure) part will imply that the data you transmit to and from the site will be encrypted, but it does nothing else but give a false sense of security when it comes to the likeliness of dealing with a site that can provide malware through some kind of download, or else other malware or intent in wrongdoing. An SSL certificate is pretty cheap to obtain, and there are multiple scam, phishing, you name it type sites that resort to it, simply because of the wrong sense of security it bears.
member
Activity: 252
Merit: 12
1. Don't visit website with http link which is not a secured connection, a secured one should be in https format.

2. Don't make crypto transactions on your PC I find phone to be less prone to malwares

I've stopped running wallets on windows OS pc the risks you go through every day by day is high.
legendary
Activity: 2254
Merit: 2852
Is there a way to test if the clipboard malware attack exist on your pc?
For Windows OS users (Windows 10 and above), use the shortcut Windows key + V to view the Clipboard. In the list that appears on the Clipboard, you can first check whether the BTC address previously copied is correct or not.

But as long as you copy an address that looks like a btc address to say another part on the computer, whether its an address in an exchange, notepad or even google search, as long as it doesn't change it... your computer do not have that clipboard malware? 
Yes, because if a computer has clipboard malware, the pasted data is different from the copied data.
full member
Activity: 1736
Merit: 186
Is there a way to test if the clipboard malware attack exist on your pc?


I remember I saw a video where a guy would just copy and paste a btc address from notepad to somewhere else as a test and noticed when he did that... it changed.  Of course the first few letters of the btc address was the same so it seems this malware is smart in that it would find the starting letter of the btc address to be similar before it makes the change.


But as long as you copy an address that looks like a btc address to say another part on the computer, whether its an address in an exchange, notepad or even google search, as long as it doesn't change it... your computer do not have that clipboard malware? 
hero member
Activity: 1400
Merit: 770
So far I've experienced windows. It's purely my fault, downloading free apps and installing them on my computer from unofficial websites. That's as far as I'm concerned because I don't have enough money to pay for a paid app to get a full license. Don't do stupid things like me.

How do I know this? yes because I always check the wallet address if I want to Deposit or Withdraw. That precision made me safer, because I didn't confirm it right away. It turned out that the virus was in the chrome  add-on, even I had deleted it but it always appeared when my computer turned it back on. The last resort is that I have to clean up my Windows reinstallation. So far for Android I still feel safe.
sr. member
Activity: 1918
Merit: 442
This happened to me once but got saved because I like checking the last three alphabet at the end of my address most times, I wasn't able to get rid of this malware or whatever it is until I reformatted my hard disk.
Well checking the sending and receiving any crypto address before sending your coins is very important, the first 3 digits and the last 3 digits would help you to determine if still using your crypto address and make sure you copied it right.
However, to avoid this problem, just regularly check your computer or any device that was used to know if it is affected by the malware attack.
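Added example, not part of any post in this thread: a Python sketch of the full-address comparison recommended in the posts above, showing that a substituted address of the same format can still pass a first-3/last-3 spot check. The two addresses are constructed, address-shaped strings (not real wallets), the function names are hypothetical, and the patterns check shape only, not checksums.

```python
import re

# Shape checks only (no checksum validation): enough to tell
# "address-like" text from anything else, e.g. an 80+ character string.
PATTERNS = {
    "btc-base58": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

# Constructed, address-shaped strings for the demo; not real wallets.
SOURCE = "1A1Hw4TkPq8ZrYc6XnB3vUe9JdM5GafNa"
LOOKALIKE = "1A1Qx7mK9pRt3WvYz5BnC8dFgH2jLsfNa"


def address_kind(text):
    """Return the format name the text matches, or None if not address-shaped."""
    s = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.fullmatch(s):
            return kind
    return None


def shared_affix(a, b):
    """Lengths of the common prefix and (non-overlapping) common suffix."""
    limit = min(len(a), len(b))
    pre = 0
    while pre < limit and a[pre] == b[pre]:
        pre += 1
    suf = 0
    while suf < limit - pre and a[-1 - suf] == b[-1 - suf]:
        suf += 1
    return pre, suf


def check_paste(copied, pasted):
    """Compare the address at the source with what arrived at the destination."""
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:
        return {"verdict": "match"}
    pre, suf = shared_affix(copied, pasted)
    kind = address_kind(pasted)
    same_format = kind is not None and kind == address_kind(copied)
    return {
        "verdict": "swapped" if same_format else "different",
        "pasted_kind": kind,
        "prefix": pre,
        "suffix": suf,
        "passes_3_plus_3": pre >= 3 and suf >= 3,  # the spot check alone is fooled
    }


if __name__ == "__main__":
    print(check_paste(SOURCE, LOOKALIKE))
```

The comparison is only as trustworthy as the machine it runs on, which is the caveat raised elsewhere in the thread about compromised displays.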
member
Activity: 271
Merit: 14
This happened to me once but got saved because I like checking the last three alphabet at the end of my address most times, I wasn't able to get rid of this malware or whatever it is until I reformatted my hard disk.
copper member
Activity: 1624
Merit: 1899
Amazon Prime Member #7
I would point out that if malware is able to change the content of your clipboard, it is also possible the malware can change what is displayed on your screen.
And malware could also just lift your private keys straight out of your wallet as soon as you unlock it if you aren't using a hardware wallet or airgapped wallet. Or just feed it a malicious transaction straight off, like the fake versions of Electrum did. But these kinds of malware are far rarer than clipboard malware, as is any malware which changes what appears on your screen.

The fact remains that clipboard malware is relatively common, and it takes 10 seconds to fully check an address. It is irresponsible to do anything less.
Yes, as I mentioned in my previous post, it is a good practice to check the address before signing a transaction.

If someone knows or believes their computer is infected with malware, I would advise them to not trust any output their computer gives them, including information displayed on their screen.
legendary
Activity: 2268
Merit: 18509
I would point out that if malware is able to change the content of your clipboard, it is also possible the malware can change what is displayed on your screen.
And malware could also just lift your private keys straight out of your wallet as soon as you unlock it if you aren't using a hardware wallet or airgapped wallet. Or just feed it a malicious transaction straight off, like the fake versions of Electrum did. But these kinds of malware are far rarer than clipboard malware, as is any malware which changes what appears on your screen.

The fact remains that clipboard malware is relatively common, and it takes 10 seconds to fully check an address. It is irresponsible to do anything less.
legendary
Activity: 2212
Merit: 7064
Linux is not going to protect you from clipboard malware that's written for it. It's only going to make it slightly easier to remove (Windows, being the dinosaur it is, hides a lot of internal stuff inside the Registry and machine-readable files that's nigh-impossible to clean up save by reinstalling).
I never heard of a single clipboard malware for Linux operating system, I even searched the web to find more information about that, but without any result.
It doesn't mean it's impossible to make something like this but chances for this to happen are much lower than for WiNd0ws or Mac OS.
Few years ago I was testing some alternative clipboard manager software for windows, but I don't remember the name of that program that was just running in the background.
One more thing that is connected with clipboard are keyloggers, and protection for this is using encryption tools, so anything you type on keyboard will be protected.
This would be a good idea for win-addicts and lazy people, but not really needed if you use separate offline computer for crypto.
copper member
Activity: 1624
Merit: 1899
Amazon Prime Member #7
Because, sometimes I'm not perfect I'll just send my funds out to the address without crosschecking like everyone else who has something to attend immediately.
It takes 10 seconds to double check an entire address. 
I would point out that if malware is able to change the content of your clipboard, it is also possible the malware can change what is displayed on your screen. So unless you are using a device that is insulated from any malware your internet-connected computer may have, such as an HW wallet, or an air-gapped computer, checking the entire address will not do much good against malware.

It is however a good practice to double-check the entire address before finalizing a transaction, in case you copied the wrong address, or didn't actually copy anything when you already had another address in your clipboard.
legendary
Activity: 2254
Merit: 2852
While hardware wallet is not a bad advice, one has to carefully double check the addresses whether he's using it or not.
What I also mean is that HW may give a false sense of security, while it doesn't actually help (directly) against clipboard malware.
The hardware wallet function is not as an antivirus. So first I suggest this:

-snip- make sure your OS is updated frequently. Install the antivirus as suggested above and update it regularly. -snip-

Linux is not going to protect you from clipboard malware that's written for it. -snip-
Yes, but currently, the target of the clipboard malware is Windows OS users. I have not encountered any cases of Linux being attacked by this malware. I'm also a macOS user and so far haven't encountered any cases of clipboard malware as in Windows OS.

-snip- always double-checking the address -snip-
hero member
Activity: 1078
Merit: 509

You can keep your OS updated, download every piece of antivirus software there is, and all the rest of it, and still fall victim to this malware. The only 100% protection is to accurately double check the address against the source after you have copy and pasted it. It takes 10 seconds. Just do it.


Yes, I went through a thread on a Microsoft special interest board that talks about the vulnerability of windows OS on clipboard snooping. The question was to know if the antivirus actually get rid of the attack. But, the answer was centered on the fact that it helps reduce the possibility of such attack but, cannot prevent it entirely because of the loopholes on computers that use Microsoft OS. I think Microsoft is not a better choice for someone that wants to stay safe from such attack.

You can check the thread below
https://answers.microsoft.com/en-us/protect/forum/all/how-to-protect-ourselves-from-clipboard-snooping/5af0be93-f4fc-4034-a305-7e8045dda2f2