This malware alters wallet addresses during transactions, leading to financial losses. It swaps the user's copied wallet address with one controlled by attackers. As a result, funds are sent to the wrong destination without the user realizing it.
Binance Highlights Risks of Clipper Malware in Crypto Transactions
Since August 27, 2024, Binance has seen a spike in incidents, with Android users being the primary targets. However, iOS users are not entirely safe, as the malware spreads through unofficial apps and plugins. These often come from unverified sources, especially when users search for software in their local languages.
“We've identified a global malware issue that alters withdrawal addresses during the transaction process. Be cautious of plugins and apps you've installed, especially on Android and web apps, and stay alert on iOS too,” Binance stated.
To mitigate this threat, Binance's security team has blacklisted suspicious addresses, notified impacted users, and is actively monitoring for additional risks. Users were also advised to triple-check withdrawal addresses to prevent Clipper malware from interfering with their transactions.
“To be extra safe, you can take a screenshot of the withdrawal address right before sending the payment and have the recipient verify it against a photo to leave text-altering malware no chance,” Binance advised.
In addition, Binance stressed the importance of verifying the authenticity of apps and plugins and using reliable security software.
Market analysts note that Clipper malware is a variant of the address poisoning attack. Scammers use this technique to trick users into sending funds to similar-looking but fraudulent addresses. Earlier this year, this tactic led to the theft of $70 million in wrapped Bitcoin (WBTC) from an investor.
This Binance alert comes amid a broader increase in malware targeting crypto users. Earlier this month, McAfee uncovered a new mobile malware, “SpyAgent,” that steals users' mnemonic keys. A mnemonic key is a 12-word phrase used to recover cryptocurrency wallets.
SpyAgent spreads through fake Android apps disguised as banking, government, and utility services. According to McAfee, 280 fake apps have been identified since the start of the year.
These threats reflect a persistent issue within the crypto industry. The FBI recently reported that crypto investors lost $5.6 billion to scams and hacks in 2023.
.aff-primary {
display: none;
}
.aff-secondary {
display: block;
}
.aff-ternary {
display: none;
}
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.