Cryptocurrency exchange Binance has issued a cautionary notice about a pervasive global threat involving clipper malware, which poses a significant risk to cryptocurrency users by facilitating financial fraud.
Clipper malware, also known as ClipBankers, is a form of malicious software classified by Microsoft as cryware. It monitors clipboard activity to steal sensitive information that users copy, and it substitutes copied cryptocurrency addresses with addresses controlled by the attacker.
When a victim’s system is compromised, digital asset transfers are redirected from the intended wallet address to a fraudulent one.
“In the clipping and switching process, cryware monitors clipboard content and searches for patterns that resemble a hot wallet address,” Microsoft explained as early as 2022. “If the user pastes or uses CTRL + V within an application window, the cryware replaces the clipboard content with the attacker’s address.”
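A defensive check that follows from the behaviour described above is to compare the address that was copied with the address that arrives at paste time. The Python below is an added example, not code from Binance or Microsoft; the address patterns are approximate shape checks without checksum validation, and the event list and addresses are constructed sample data.

```python
import re

# Approximate address shapes: format checks only, no checksum validation.
ADDRESS_SHAPES = {
    "btc-legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_kind(text):
    """Return the address family the text looks like, or None."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_SHAPES.items():
        if pattern.fullmatch(candidate):
            return kind
    return None

def normalize(text, kind):
    """ETH hex is case-insensitive; other families compare exactly."""
    value = text.strip()
    return value.lower() if kind == "eth" else value

def find_swaps(events):
    """Flag pastes whose address differs from the last address copied.

    events: ordered (action, value) pairs; action is "copy" or "paste".
    """
    findings = []
    last = None  # (kind, normalized value) of the most recent copied address
    for index, (action, value) in enumerate(events):
        kind = address_kind(value)
        if action == "copy":
            last = (kind, normalize(value, kind)) if kind else None
        elif action == "paste" and last and kind:
            if normalize(value, kind) != last[1]:
                findings.append({"event": index, "copied": last[1],
                                 "pasted": value.strip(),
                                 "same_family": kind == last[0]})
    return findings

# Constructed sample data: well-formed but made-up addresses.
INTENDED = "0x" + "ab" * 20
SUBSTITUTE = "0x" + "cd" * 20
SAMPLE_EVENTS = [
    ("copy", "meeting notes"), ("paste", "meeting notes"),
    ("copy", INTENDED), ("paste", "0x" + "AB" * 20),  # same address, other case
    ("copy", INTENDED), ("paste", SUBSTITUTE),        # changed between copy and paste
]
```

Only the final paste in the sample is flagged: the case-only difference is treated as the same address, and non-address clipboard content is ignored.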
On September 13, 2024, Binance issued a warning detailing its observation of a widespread malware campaign targeting cryptocurrency wallet addresses. The exchange noted a significant uptick in such activity, particularly on August 27, 2024, which led to considerable financial losses for the affected users.
“The malware, often disseminated through unofficial apps and plugins, particularly on Android and web applications, has been a growing concern. However, iOS users are also advised to be cautious,” Binance stated. Evidence suggests that these malicious applications are often inadvertently installed when users search for software in their native languages or through unofficial channels, mainly due to regional restrictions.
To combat this threat, Binance is actively working to blacklist the attacker’s addresses to prevent further fraudulent transactions. The exchange has also reached out to affected users, advising them to scrutinize their systems for any signs of suspicious software or plugins.
In addition to warning against downloading software from unofficial sources, Binance emphasizes the importance of exercising caution when installing apps and plugins and ensuring their authenticity.
Blockchain analytics firm Chainalysis reported last month that while aggregate illicit activity on blockchain networks has decreased by nearly 20% year-to-date, inflows from stolen funds have nearly doubled, rising from $857 million to $1.58 billion.
“Scammers are shifting from broad-based Ponzi schemes to more targeted scams such as pig butchering, work-from-home scams, drainers, and address poisoning,” the firm noted. It also observed an increase in the use of Chinese language marketplaces and laundering networks.
According to the U.S. Federal Bureau of Investigation (FBI), 2023 marked a record year for cryptocurrency fraud, with total losses surpassing $5.6 billion—a 45% increase from the previous year.
“Cryptocurrency exploitation was most prominent in investment scams, which accounted for nearly 71% of all cryptocurrency-related losses. Call center frauds, including tech/customer support scams and government impersonation scams, made up about 10% of cryptocurrency-related losses,” reported the FBI’s Internet Crime Complaint Center (IC3).
Most of these cryptocurrency-related losses originated from the U.S., followed by the Cayman Islands, Mexico, Canada, the U.K., India, Australia, Israel, Germany, and Nigeria.