- McAfee points out ‘Silent Swap’, a malicious Chromium extension disguised as Google Notes that secretly hijacks crypto transactions
- It works as a clipboard hijacker, exchanging copied wallet addresses with addresses controlled by attackers so that victims unknowingly send funds to criminals.
- Researchers recommend always checking full wallet strings before sending them, as attackers can create similar addresses that differ by only a few characters.
Researchers have found another extension for Chromium-based browsers that is designed solely to steal people’s hard-earned cryptocurrencies.
A report from McAfee has raised the alarm about Silent Swap, malware hiding inside a benign-looking Google Notes extension.
Victims who find and download it (most likely through phishing, social engineering, or suspicious websites and forums) will get an extension that appears to work as intended. It displays a small window where the victim can write a note and save it. They can color code notes and search through saved ones. However, this was only done to hide the program’s true intentions, which are to steal cryptocurrency.
Clipboard hijacking
Silent Swap works like a typical clipboard hijacker. Monitors the clipboard for strings that look like a crypto wallet: seemingly random strings of 26 to 42 alphanumeric characters.
When it detects one, it replaces it with a different one that belongs to the attacker, so when the victim pastes the address into the wallet to send the funds, they are actually sending them to the address that belongs to the attackers.
This works because crypto wallets are almost impossible to memorize and too risky to write down on a piece of paper or a different document, forcing users to rely on copy and paste.
Once the victim sends the funds, they will almost certainly disappear forever. Only if the funds are sent from a centralized exchange (like Coinbase, for example), and if the victim detects the attack quickly enough, can they request the exchange’s support to freeze the transaction. In all other cases, once the money is sent, it is gone.
The best way to defend against these attacks is to cross-reference the strings before hitting send. Some people would only check the first and last characters, but security researchers do not recommend this, because some clipboard hijackers can generate addresses that only differ by a few characters.

The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.




