Home Bitcoin XRP and BTC Among Coins Targeted in New Malware Campaign
Bitcoin

XRP and BTC Among Coins Targeted in New Malware Campaign

Share


Cybersecurity researchers at McAfee Advanced Threat Research have uncovered an extremely sophisticated cryptocurrency-stealing malware campaign dubbed “Silent Swap.”

It relies on a malicious browser extension to intercept and modify user clipboards and then swap legitimate cryptocurrency wallet addresses with fake ones.

The bad actors are hunting for Bitcoin ($BTC), Ethereum ($ETH), $XRP, Bitcoin Cash, Dash, as well as other cryptocurrencies.

Silent Swap is different from primitive “crypto clippers” due to its alarming level of sophistication.

The campaign relies on advanced browser manipulation, decentralized command-and-control (C2) infrastructure, and other cutting-edge techniques.

The “Google Notes” disguise

The infection typically begins with the victim downloading unsigned .NET or Golang installers. They are often disguised as free or cracked versions of legitimate software.

The installer then deploys a malicious extension that masquerades as a benign “Google Notes” application.

By tampering with the browser’s configuration files, Silent Swap forcibly sideloads itself into Chromium-based browsers, including Google Chrome, Microsoft Edge, Brave, and Opera

Normally, Chromium browsers store security verification data. Silent Swap bypasses this defense by recalculating and updating these security values after injecting its code.

The “Google Notes” extension, which gets installed by uninitiated victims, grants itself invasive permissions.

Server-side wallet mapping

As soon as the extension detects a copied address matching the regex patterns for $BTC, $ETH, $XRP, Bitcoin Cash, or Dash, it does not use a hardcoded replacement. Instead, it queries the attacker’s backend server.

The malicious actors behind Silent Swap also do not hardcode their command-and-control (C2) domains into the malware. Instead, they utilize a technique known as “EtherHiding.”

Silent Swap has a globally distributed infection footprint, with a particularly high concentration of victims in India.



Source link

Share

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Don't Miss

True Defensive Stocks That Rise Even Amid War as Triple-High Pressures Hit Markets

High oil prices, high interest rates, and a weak won have simultaneously hit markets following the U.S.-Iran conflict, driving continued volatility. Securities firms...

Pound-Euro Steady as Weak German Factory Orders Weigh on EUR

Modified: Monday, 8 June 2026 20:31 BST - Written by David Woodsmith STORY LINK Pound-Euro Steady as Weak German Factory Orders Weigh on...

Related Articles

Bitcoin tops $61,000 while Worldcoin and Uniswap lead the rally

Bitcoin (BTC) price holds above $61,000 on Friday, maintaining a steady stand...

Hyperscale Data buys 67 Bitcoin, increasing total treasury to 849 BTC

Hyperscale Data just added another 67 Bitcoin to its balance sheet, pushing...

Bitcoin Price Forecast: BTC extends recovery amid positive progress in US-Iran peace talks

Bitcoin (BTC) is extending its recovery, trading above $61,000 at the time...

Hyperscale Data reports $106.7m in bitcoin, cash and silver holdings By Investing.com

LAS VEGAS - Hyperscale Data, Inc. () reported that its combined holdings...