UPDATE: Dangerous Crypto Malware.

By rah | 8 Dec 2025


You may recall a couple of weeks ago that I posted about malware that somehow got into my computer and changed the crypto addresses where I was moving funds. Fortunately enough, I was vigilant enough to notice and not lose any funds, even if repeated attempts to copy and paste led to the same result, which led to me inevitably and painstakingly writing the address(es) manually.

A quick read around, and especially an article on Reddit, led me to the conclusion that it was a bit of malware called Clipper. (It first appeared in 2017 on Windows systems, later spreading to Android devices via fake apps, including imitations of Metamask.) Clipper is a type of malicious software that hijacks your computer or phone’s clipboard to steal cryptocurrency by replacing copied wallet addresses with the attacker’s own.

In short, and I am reiterating this deliberately, when you copy-paste a crypto address, the malware silently swaps it, so funds go to the hacker instead of your intended recipient.

Clipper is designed to monitor what you copy and paste, especially strings that look like crypto wallet addresses (funnily enough, it is not bothered about anything else). While it was not the entry point in my case, it often targets messaging apps and social platforms like WhatsApp, Telegram, Facebook, and X (Twitter), where crypto scams are common. It continues to be distributed through repackaged or fake versions of popular apps, which look legitimate while secretly running the malware.

Binance has described it as a persistent danger to crypto users.

The best way to protect ourselves is to exercise due diligence by double-checking wallet addresses before confirming any transaction and to avoid downloading apps from unofficial sources or suspicious links. Additionally, we should use only trusted security software to detect clipboard hijacking and at all times stay alert.
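The two checks described above (spotting a swapped clipboard and comparing the pasted address with the intended one) can be sketched in code. This is an added example, not from the original post or from any tool it mentions; the function names, the two-second window and the sample values are assumptions made for illustration.

```python
import re

# Publicly documented address shapes, used only to recognise wallet-like strings.
PATTERNS = {
    "btc_legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "btc_bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_kind(text):
    """Return the address family the whole string matches, or None."""
    s = text.strip()
    for kind, rx in PATTERNS.items():
        if rx.fullmatch(s):
            return kind
    return None

def find_swaps(snapshots, window=2.0):
    """Flag an address replaced by a different same-family address within `window` seconds.

    snapshots: time-ordered (seconds, clipboard_text) pairs from a poller.
    The window is a heuristic (assumption): people rarely copy two different
    addresses of one family within a couple of seconds.
    """
    hits = []
    for (t0, old), (t1, new) in zip(snapshots, snapshots[1:]):
        kind = address_kind(old)
        changed = old.strip() != new.strip()
        if kind and kind == address_kind(new) and changed and t1 - t0 <= window:
            hits.append((t1, old, new))
    return hits

def first_mismatch(intended, pasted):
    """Index of the first differing character, or None when identical."""
    for i, (a, b) in enumerate(zip(intended, pasted)):
        if a != b:
            return i
    return None if len(intended) == len(pasted) else min(len(intended), len(pasted))

# Constructed sample data: not real wallets, no valid checksums.
ETH_A = "0x" + "1a" * 20
ETH_B = "0x" + "1a" * 2 + "9f" * 18   # same opening characters, different address
BTC_A, BTC_B = "1" + "Q" * 30, "1" + "R" * 30
SAMPLE = [
    (0.0, "meeting notes"), (10.0, ETH_A), (10.4, ETH_B),  # replaced 0.4 s after the copy
    (60.0, "hello"), (120.0, BTC_A), (300.0, BTC_B),       # minutes apart: not flagged
]
```

Comparing the whole string matters: in the constructed pair the first six characters are identical, so a glance at the start of the address would not catch the change.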

Now time for a confession.

I am fairly confident of how I got infected and, worse still, it was because I broke one of my cardinal rules. I have repeatedly posted never to trust an ad on sites that offer free crypto such as Cointiply, CoinPayU and DutchyFaucet, while there is nothing wrong with these sites on the whole – other than Dutchy’s obsession with porn!

I am fairly confident that my mistake was in responding to an ad on Dutchy to add Slice to my browser. One quick click and I was done. I broke my rules, I didn’t stick to my first principles and I nearly got burnt.

In the end I got lucky, not just because I saw the address change but because when I posted about it, Igor from P0x sent me a link to some anti-malware software (I trust him 😊) and I downloaded the free seven-day version, which removed it. I also noticed when I ran the software that it had embedded itself into an old game file which I would have never considered looking at.

So beware, be cautious and as always stay safe and well my friends.
