
Topic: What are the methods used to attack cryptocurrencies through the clipboard? (Read 117 times)

legendary
Activity: 2856
Merit: 7410
Crypto Swap Exchange
Hello everyone, I am a macOS software developer. I am currently developing an open-source software to safeguard users' clipboards (https://secureclipx.cleanclip.cc), aiming to protect users' assets from the influence of malicious software.

I am currently gathering information on attack methods used by malicious software through the clipboard to enhance the capabilities of my software.

Could you please provide any existing attack methods related to the clipboard?

Have you tried researching common ways to track or modify the clipboard on Mac OS? Here's an example from a quick Google search.

On a macOS system, there are two commands that can be used to extract clipboard data, osascript, and pbpaste. This technique is quite well-known and documented at this point and is built into popular exploitation frameworks such as the EmpireProject’s EmPyre, a Python-based exploitation framework which works with macOS.

https://apple.stackexchange.com/a/281399 also provides many resources about the clipboard on Mac OS. I don't think most members can provide details which aren't mentioned in the links I mentioned.
hero member
Activity: 644
Merit: 661
- Leo -
The best current solution I see employed to prevent clipboard attacks is sensitive applications having a virtual keyboard in their system. This protects the user even if a hacker has access to the device's default keyboard. Users should not download random keyboards no matter how fancy they look, because that is the top way hackers gain access. If you must download one, find open-source software to use after doing your research on it.

- Jay -
jr. member
Activity: 28
Merit: 5
Whilst I am sure your project has good intentions to safeguard users' clipboards when copying and pasting cryptocurrency addresses, I think it's important to acknowledge that a supply chain attack on your company and software could be a lucrative target for hackers, as they could compromise your software and enforce the pasting of a malicious cryptocurrency address to hijack funds. It will be important to make some commitments to security and get some kind of security code audits or attestation to give customers confidence.
sr. member
Activity: 406
Merit: 443
Hello everyone, I am a macOS software developer. I am currently developing an open-source software to safeguard users' clipboards (https://secureclipx.cleanclip.cc), aiming to protect users' assets from the influence of malicious software.

I am currently gathering information on attack methods used by malicious software through the clipboard to enhance the capabilities of my software.

Could you please provide any existing attack methods related to the clipboard?
The solution you suggest is that instead of copying the data using a clipboard manager, you created an alternative to the system clipboard, which may protect the user, but hackers can check system files, and if it is found that SecureClipX was downloaded, will change the file extension to the link in which you copy the data.

The best solution for such viruses is not to download random applications and to check the Bitcoin address several times, but the Clipboard V2 application is a temporary solution unless you have code that guarantees that pasting will be exactly the same as copying (a hash function, for example).
hero member
Activity: 854
Merit: 1031
Only BTC
BTC addresses are difficult to identify with the naked eye, so many people do not bother to double-check visually, which can easily lead to errors.
It is not too difficult to double-check BTC addresses. Some people are used to checking the first and last 3-6 characters, but that in itself is not enough, and an attacker can generate a vanity address that is very similar to your address and that will deceive you. Double-check all the characters in your address before sending funds if you want to be sure.
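A sketch of the two checks raised in the posts above, the hash comparison between copy and paste and the full-address comparison that catches look-alike vanity addresses. This is an added example, not code from any poster or from SecureClipX; the function names and sample addresses are constructed, and the address pattern is a rough assumption rather than full checksum validation.

```python
import hashlib
import hmac
import re
import subprocess
from typing import NamedTuple

# Rough shape of Bitcoin addresses (assumption for this sketch; a real tool
# should also verify the Base58Check / bech32 checksum).
ADDR_RE = re.compile(
    r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$")

class CopyRecord(NamedTuple):
    digest: str       # SHA-256 of the text at copy time
    head: str         # first `edge` characters
    tail: str         # last `edge` characters
    is_address: bool

def _digest(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def record_copy(text: str, edge: int = 4) -> CopyRecord:
    """Remember a fingerprint of what the user copied, not the text itself."""
    text = text.strip()
    return CopyRecord(_digest(text), text[:edge], text[-edge:],
                      bool(ADDR_RE.match(text)))

def classify_paste(rec: CopyRecord, pasted: str) -> str:
    """Compare clipboard content at paste time with the copy-time record."""
    pasted = pasted.strip()
    if hmac.compare_digest(rec.digest, _digest(pasted)):
        return "match"
    if rec.is_address and ADDR_RE.match(pasted):
        # Same first/last characters but a different hash: the look-alike
        # case that a "check the ends" habit would miss.
        if pasted.startswith(rec.head) and pasted.endswith(rec.tail):
            return "lookalike"
        return "replaced"
    return "changed"      # ordinary clipboard reuse, not an address swap

def read_clipboard() -> str:
    """Current macOS clipboard text via pbpaste (macOS only)."""
    return subprocess.run(["pbpaste"], capture_output=True, text=True).stdout

# Constructed sample values (correct shape, not real addresses).
COPIED = "1Abc" + "D" * 26 + "wxyz"
LOOKALIKE = "1Abc" + "E" * 26 + "wxyz"
OTHER = "1Qrs" + "F" * 26 + "mnpq"
```

A guard would call `record_copy(read_clipboard())` when the user copies and `classify_paste(...)` just before the paste is delivered, warning on anything other than `"match"` when the record was an address.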
member
Activity: 102
Merit: 21
I have been away for some time, but that didn't stop me from studying and learning about crypto. I don't know much about this, but with my little knowledge of bitcoin and cryptocurrency I'd like to share what I know.

I think the keyboard can be attacked in two major ways:

1. Spoofing
2. Sweeping

1. Spoofing:
This method involves hiding or disguising identity to enable malicious activity, i.e. spoofing the identity of the malicious party to make it believable and to also appear trustworthy. This method also applies to calls, emails, websites and even IP addresses.
They act like they impersonate information from a known source; for example, they can create an email that looks like it is from your bank, and you can easily fall victim to it.

2. Sweeping:

The sweeping method is very tricky. In this method they monitor your transactions, so when you copy a wallet address they intercept it and assign their own wallet address, which looks very similar to yours. Without a proper check you are definitely falling victim, so when you send funds or coins it will be their address you send them to.

For further explanation and understanding you can read the link.
https://consensys.io/blog/spoofing-sweepers-and-clipboard-hacks-how-to-stay-safe-from-scams
newbie
Activity: 2
Merit: 0
The attacker's malware gains access to the clipboard of the victim's device. The malware changes the bitcoin address that the victim copied. It changes it to the attacker's bitcoin address. So if the victim pastes what is copied to the clipboard, it will be the attacker's address and not the address that he copied.

If the victim wants to send his address to someone to send him some coins, it will be the attacker's address that would be sent.
If the victim wants to send bitcoin to someone, he will unknowingly send the coins to the attacker's address.

That is why it is good to check and recheck the address that you are sending coins to.
That is why it is good to avoid malware.
Cold wallets are safer.
Using a QR code is effective as it does not make use of the clipboard but the camera.

Thanks Charles,

BTC addresses are difficult to identify with the naked eye, so many people do not bother to double-check visually, which can easily lead to errors.
legendary
Activity: 1512
Merit: 4795
The attacker's malware gains access to the clipboard of the victim's device. The malware changes the bitcoin address that the victim copied. It changes it to the attacker's bitcoin address. So if the victim pastes what is copied to the clipboard, it will be the attacker's address and not the address that he copied.

If the victim wants to send his address to someone to send him some coins, it will be the attacker's address that would be sent.
If the victim wants to send bitcoin to someone, he will unknowingly send the coins to the attacker's address.

That is why it is good to check and recheck the address that you are sending coins to.
That is why it is good to avoid malware.
Cold wallets are safer.
Using a QR code is effective as it does not make use of the clipboard but the camera.
newbie
Activity: 2
Merit: 0
Hello everyone, I am a macOS software developer. I am currently developing an open-source software to safeguard users' clipboards (https://secureclipx.cleanclip.cc), aiming to protect users' assets from the influence of malicious software.

I am currently gathering information on attack methods used by malicious software through the clipboard to enhance the capabilities of my software.

Could you please provide any existing attack methods related to the clipboard?