Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses
Summary
Cybersecurity researchers have identified an active browser extension campaign, dubbed "Silent Swap" by McAfee Labs, that targets cryptocurrency users. The campaign uses fake Google Notes extensions to stealthily replace wallet addresses during transactions and steal funds. The clipper is delivered via unsigned installers, observed in both .NET and Golang variants.
IFF Assessment
This article details an active cryptocurrency clipper campaign designed to steal funds from unsuspecting users, which represents a direct threat.
Defender Context
This campaign highlights the persistent threat of cryptocurrency theft via malicious browser extensions and social engineering. Defenders should emphasize user education on verifying wallet addresses before initiating transactions and exercising extreme caution with unsigned software or suspicious browser add-ons. Implementing robust endpoint detection and response (EDR) solutions and network monitoring can help detect and mitigate such clipper malware activity.
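One way to act on the advice about suspicious browser add-ons, as an added example that is not part of the original article or McAfee's report: a Python audit of Chromium-style `manifest.json` files that flags Google-branded extensions lacking the Chrome Web Store update URL, along with broad page access and clipboard permissions. The three heuristics and the sample manifests are assumptions constructed for illustration, not indicators from the campaign.

```python
import json
from pathlib import Path

# Triage heuristics and sample manifests are constructed assumptions, not report IoCs.
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
BROAD_MATCHES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
CLIPBOARD_PERMS = {"clipboardRead", "clipboardWrite"}
SAMPLES = {
    "fake_notes": {"name": "Google Notes", "permissions": ["clipboardRead", "clipboardWrite"],
                   "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]},
    "benign": {"name": "Tab Counter", "update_url": WEB_STORE_UPDATE_URL, "permissions": ["tabs"]},
}


def audit_manifest(manifest):
    """Return the reasons an extension manifest deserves manual review."""
    findings = []
    from_store = manifest.get("update_url") == WEB_STORE_UPDATE_URL
    if "google" in str(manifest.get("name", "")).lower() and not from_store:
        findings.append("Google-branded name without Web Store update_url")
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V2 lists host patterns under "permissions", V3 under "host_permissions".
    patterns = perms | set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        patterns.update(script.get("matches", []))
    if patterns & BROAD_MATCHES:
        findings.append("can read and modify pages on all sites")
    if perms & CLIPBOARD_PERMS:
        findings.append("requests clipboard access")
    return findings


def audit_tree(root):
    """Audit every manifest.json under root; return {path: findings} for hits."""
    report = {}
    for path in sorted(Path(root).rglob("manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        findings = audit_manifest(manifest) if isinstance(manifest, dict) else []
        if findings:
            report[str(path)] = findings
    return report


if __name__ == "__main__":
    for label, manifest in SAMPLES.items():
        print(label, audit_manifest(manifest))
```

Point `audit_tree` at a browser profile's extensions directory; a hit is a prompt for manual review, not a verdict.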