XRP and BTC Among Coins Targeted in New Malware Campaign

Bitbuy
Ledger


Cybersecurity researchers at McAfee Advanced Threat Research have uncovered an extremely sophisticated cryptocurrency-stealing malware campaign dubbed “Silent Swap.” 

It relies on a malicious browser extension to intercept and modify user clipboards and then swap legitimate cryptocurrency wallet addresses with fake ones. 

The bad actors are hunting for Bitcoin (BTC), Ethereum (ETH), XRP, Bitcoin Cash, Dash, as well as other cryptocurrencies.  

bybit

2.6T Shiba Inu (SHIB) Exits to On-Chain Ahead of Q3; 3-Month Trend Saves XRP at $1, Citi Slashes Bitcoin Price Target by 27% Because of AI – Morning Crypto Report


Bitcoin (BTC), Stellar (XLM), XRP and Hyperliquid (HYPE) Price Analysis for July 1: Market Must Regain the Foundation

Silent Swap is different from primitive “crypto clippers” due to its alarming level of sophistication. 

You Might Also Like

Title news

The campaign relies on advanced browser manipulation, decentralized command-and-control (C2) infrastructure, and other cutting-edge techniques.  

The “Google Notes” disguise 

The infection typically begins with the victim downloading unsigned .NET or Golang installers. They are often disguised as free or cracked versions of legitimate software. 

The installer then deploys a malicious extension that masquerades as a benign “Google Notes” application.

By tampering with the browser’s configuration files, Silent Swap forcibly sideloads itself into Chromium-based browsers, including Google Chrome, Microsoft Edge, Brave, and Opera

Normally, Chromium browsers store security verification data. Silent Swap bypasses this defense by recalculating and updating these security values after injecting its code.

The “Google Notes” extension, which gets installed by uninitiated victims, grants itself invasive permissions.

Server-side wallet mapping

As soon as the extension detects a copied address matching the regex patterns for BTC, ETH, XRP, Bitcoin Cash, or Dash, it does not use a hardcoded replacement. Instead, it queries the attacker’s backend server.

The malicious actors behind Silent Swap also do not hardcode their command-and-control (C2) domains into the malware. Instead, they utilize a technique known as “EtherHiding.”

Silent Swap has a globally distributed infection footprint, with a particularly high concentration of victims in India.



Source link

Blockonomics

Be the first to comment

Leave a Reply

Your email address will not be published.


*