Malware indirectly/secretly replacing wallet address values (copy paste or directly typing)

Share:

So I guess there is a malware on my pc that is secretly replacing the values of crypto addresses when being entered, but different from other clipboard hijacking malware.

This malware doesn’t visibly change the text of the address that I paste (or type), the address that I copied is actually entered. But when I would go through with the transaction, it would turn out that the receiving address was different. Somehow it is displaying the correct address in the text field but the actual value is another address. I’m probably explaining this horribly so I’ve recorded a couple of screen recordings in a text converter website using some random addresses I copied from the block.

This first video is me copying and pasting various bitcoin, ethereum and litecoin addresses

You can see in the video that the address being read is not the address being shown.

This isn’t just a copy and paste issue, also occurs when directly typing the address. Here I manually typed a couple bitcoin addresses and again, the text being read defaults to the same different address.

I have done a full scan of my PC multiple times but nothing was found, and these videos were recorded after the scans.

Some other details:

This is only occurring on Google Chrome, but not on Edge (the only other browser I have installed) This doesn’t occur while in incognito mode in Chrome This still occurs after disabling all extensions on Chrome This doesn’t occur on another device using Chrome on the same profile with the same extensions and settings

I will be doing a clean reinstall of Google Chrome next but I first wanted to make this post first.

Has anyone else had this kind of malware experience before? I thought I was being pretty cautious until now, double-, triple-checking that I’ve entered the wallet address correctly, but I never would have thought for this to be even possible.

submitted by /u/Phatasaurus
[link] [comments]

Generated by Feedzy