The malware, part of a family of threats known as “clipboard hijackers,” secretly gains control of memory, running in the background to ensure users do not notice its presence. It then replaces the Bitcoin address that the user has copied to the clipboard with the attacker’s address, which the user later unknowingly pastes and sends their coins to.
“Unless a user double-checks the pasted address, they will have no idea that this swap took place,” Bleeping Computer notes, adding an explanatory video about how the malware works.
Bitcoin users face a variety of vulnerabilities when using hardware to transact, regardless of whether this is an Android smartphone, Windows PC or other device.
“Attackers recognize that users are copying and pasting the addresses and have created malware to take advantage of this,” Bleeping Computer adds.
Keeping up-to-date antivirus software running constitutes users’ main defence against the problem, along with double-checking the destination Bitcoin address of a transaction if this has been entered using a copy-paste function.
Some hardware wallets, such as TREZOR, additionally force users to double-check an address for manipulation whenever one is generated.