
Discover more from Web3 Bits and Bytes
⚠️I got scammed⚠️- A short story
Clipboard malware that swaps your wallet address when you copy and paste it is on the rise. Find out if you are affected, what you can do to remove it and how to prevent it 👇
Welcome back readers👋
If you’re a new reader, thank you for checking in💜. Feel free to check out this month’s newsletters, which are the best way to explain what you will get here👇👇
In addition to the weekly newsletter format, I will occasionally write a long-form post discussing the recent happenings in web3 - it could be about an exploit in web 3.0 or a new tool launched in this space or a deep dive into how some of your favourite DApps actually work. Drop your suggestions in the comments
During the past few years, there has been a major boost in cryptocurrency adoption and development.
More people are using Crypto to transact their money than ever before. While this is great for the industry as a whole, it also means that there is a greater incentive for hackers to develop malware to steal your coins. And that brings us to the scam story.
As of today’s post, yes, I got scammed and lost ~200$ because of clipboard malware😪!
Now, how did it happen in the first place?
So, I had won some bounties in a hackathon and had shared my ETH address to receive the bounty in my wallet (I use Metamask)
The majority of folks do not type their address manually, and I did the same: I copied it from the Firefox extension and pasted it in the form, not realising the address copied was slightly different than my actual ETH address 🥶
Bruh, What just happened?
There was clipboard malware watching all crypto addresses copied to the clipboard and changing them to their own private wallets, thus robbing me of my money. Because it happens in the clipboard, most people wouldn’t notice the change between copying and pasting. I got scammed and how 😱
A clipboard virus is an extremely dangerous cryptocurrency virus that misuses the clipboard to steal people's funds.
Malicious actors behind such threats take advantage of the fact that cryptocurrency wallet addresses are long, and people often copy them and paste to the needed place.
The concept is very simple.
👉When the victim copies their wallet address to their clipboard, the malware will replace it with a different address - which the attacker owns.
👉If after pasting the address the victim does not double-check if it matches the originally copied address, they end up sending the funds to the address of the attacker instead.😔
👉Because blockchain transactions are irreversible, it is impossible to retrieve your funds once they have been sent to the wrong address and your coins are lost 🥵
📌Because malware like this runs in the background with no indication that it is even running, it’s not easy to spot that you are infected😰
📌Therefore it is important to always have an updated antivirus solution installed to protect you from these types of threats🤯
Well in my case that didn’t help either (probably because mine wasn’t updated in 2 weeks).😭
How do you know if you’re affected?
Clipboard malware can come in many different forms. 🧐
It can come as an application that you have installed/executed in your computer or even as a browser extension! 😈
An easy way to detect this kind of malware is by simply copying a wallet address from an exchange and pasting it somewhere - browser / text editor😮
If you notice that the wallet address that was pasted is different from the one you copied, then there is a solid chance that you have this malware on your device.😨
P.S: If the malware is in the form of a browser extension, this address swap may only happen on addresses that are copy and pasted inside your browser. (Which happened in my case😫)
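The copy-and-paste check described above can be scripted. The following is an added example, not code from the original post: it compares the full address instead of only its first and last characters, and re-reads the clipboard several times after copying. The function names, the sample addresses and the in-memory clipboard stand-in are assumptions made for illustration.

```python
import re
import time

ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def normalize(addr):
    """Strip whitespace and lowercase; hex case only carries the optional EIP-55 checksum."""
    addr = addr.strip()
    if not ADDR_RE.fullmatch(addr):
        raise ValueError(f"not a 0x-prefixed 40-hex-digit address: {addr!r}")
    return addr.lower()

def compare_addresses(copied, pasted):
    """Compare the full address and report every position where the two differ."""
    a, b = normalize(copied), normalize(pasted)
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return {
        "match": not diffs,
        "diff_positions": diffs,
        # True when checking only the first 6 and last 4 characters would miss the change.
        "glance_would_miss": bool(diffs) and a[:6] == b[:6] and a[-4:] == b[-4:],
    }

def clipboard_canary(write, read, canary, rounds=5, delay=0.5):
    """Copy a known address, re-read the clipboard `rounds` times, and return
    details of the first altered value, or None if the clipboard never changed."""
    write(canary)
    for _ in range(rounds):
        time.sleep(delay)
        got = read()
        if got.strip() != canary:
            try:
                return {"pasted": got, **compare_addresses(canary, got)}
            except ValueError:  # replaced by something that is not an address
                return {"pasted": got, "match": False}
    return None

# Constructed sample values, not real wallets.
CANARY = "0x" + "1" * 40
ALTERED = "0x1111" + "2" * 32 + "1111"

if __name__ == "__main__":
    # In-memory stand-in for the clipboard so the demo runs offline. On a real
    # machine pass real clipboard functions instead, e.g. pyperclip.copy and
    # pyperclip.paste (third-party package, assumed to be installed).
    store = []
    print(clipboard_canary(store.append, lambda: store[-1], CANARY, rounds=2, delay=0))
    print(compare_addresses(CANARY, ALTERED))
```

Do not copy anything else while the canary check is running, since any new clipboard content is reported as a change.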
What can you do to remove the malware?🧐
Typically, malware such as Clipboard Hijacker is distributed using spam campaigns/emails, Trojans, untrustworthy software download sources/channels, unofficial tools that people use to activate software and fake software updaters. In my case it was a large DLL file running in the background.
There are a few steps you can take to remove the malware from your device:
Remove ❌ all extensions from your browsers.
Install ❌trustworthy antivirus software and run a scan.
Usually, performing a scan with a trustworthy antivirus software will identify and clean this threat.
🔔Make sure that you are downloading them from official sources, otherwise you might end up installing even more malware!
What can you do to prevent getting the malware?
👉 Never install browser extensions from untrusted sources
👉 Always double-check the websites for phishing scams. The malware entered my system through installation of infinity wallet extension in Firefox. 😨
👉 Keep your browser and operating system up to date and avoid installing unnecessary extensions.
👉Be careful of anyone sending you attachments in public forums like Discord, or clicking on any links that are placed there by other members.
👉Scammers will often message you directly in social media platforms like Instagram or Twitter, promising you money or other kinds of rewards. Do not trust these.
👉Be on the lookout for phishing emails. If you own crypto there is a good chance someone will target you with fake emails. Always check for the sender address, and any personalizations in the email. AVOID clicking on any hyperlinks in suspicious emails.
🚧Clipboard hijackers are usually considered a low threat since these types of malware strains are usually focused on a very specific attack.
⚠️However, it is always good to keep in mind that malware can be easily updated over the air to include additional functionality or even download other secondary payloads.
❗Detection is crucial❗
Now that you know what not to do, go audit your devices and see if you’re affected too. 👩💻
🟣Opportunities in web 3.0 this week🟣
1️⃣ Lumos lab is organising Buidl for web 3.0 in Delhi. Prizes worth INR 18k. Also stand a chance to win from a pool of $100000. What are you waiting for? Apply here 🏃♀️
2️⃣ Stack Shift has launched a fellowship for Web3 builders and innovators to expand their network and explore high-impact jobs in Web3. Apply here
That’s a wrap for today!
If you want more web3 gyan, then, be sure to follow us on Twitter (@Web3_BNB)
Adios👋
How'd you like today's web3 Bytes?
Let me know in the comments