What Is Clipper Malware (Clipboard Hijacking)?
Short Definition: A type of malware that hijacks a user’s clipboard and replaces their crypto address with a hacker’s address. Clipper malware is especially dangerous to cryptocurrency owners and their crypto wallets.
Extended Definition: Clipper malware has been around since at least 2017, and appeared for sale on underground forums in August 2018. It puts at risk any information that passes through the clipboard, which can be either altered in place or sent to the attacker’s server.
Related Terms: Cryptocurrency, Cryptomining
How does clipper malware work?
The user copies and pastes a crypto address believing that they are about to transfer funds to someone they know. Instead, the assets are transferred to the attacker’s address. It is usually quite hard to notice that something is wrong unless you compare the copied and pasted addresses character by character. Unfortunately, these addresses are typically long and hard to read, which is exactly what attackers exploit.
Clippers are usually distributed as trojanized applications downloaded from the internet. The malware aims to steal funds or financial details by abusing the Windows clipboard; other operating systems, such as Android, are affected as well.
A recent example of such an attack is ClipMiner, which made at least $1.7 million from cryptocurrency mining and clipboard hijacking. Besides mining, it modifies the clipboard’s content in an attempt to redirect users’ crypto transactions: the malware monitors the clipboard for changes, recognizes the address formats used by several cryptocurrencies, and replaces any wallet address it finds with one controlled by the attackers.
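The substitution described above has a recognisable fingerprint from the defender's side: a value in a wallet-address format is replaced, moments after the user copied it, by a different value in the same format, without any new copy action. The following added example (not code from the page or from any product it mentions) shows that detection logic over a constructed sequence of clipboard snapshots. The `user_copy` flag is an assumption standing in for whatever a real monitor uses to tell a user copy from a programmatic write (on Windows, for instance, checking the clipboard owner window); the address patterns are format-only regular expressions and do not validate checksums.

```python
import re
from dataclasses import dataclass

# Address formats a clipper typically recognises. Format-only checks:
# a legacy Bitcoin address is Base58 starting with 1 or 3, bech32 starts
# with bc1, and an Ethereum address is 0x plus 40 hex digits.
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_format(text):
    """Return the name of the wallet-address format `text` matches, else None."""
    text = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return name
    return None


@dataclass
class ClipboardEvent:
    t: float          # seconds since monitoring started
    content: str      # new clipboard text
    user_copy: bool   # assumption: True if the change came from the user (Ctrl+C),
                      # False if another process wrote the clipboard


def detect_clipper(events, window=5.0):
    """Flag address-for-address swaps that were not user-initiated.

    An alert is raised when the clipboard held a wallet address, a different
    address of the same format appears within `window` seconds, and the change
    was not a user copy. A user copying a second address is not flagged.
    """
    alerts = []
    prev = None
    for ev in events:
        if prev is not None:
            fmt_prev = address_format(prev.content)
            fmt_cur = address_format(ev.content)
            same_format = fmt_prev is not None and fmt_prev == fmt_cur
            if (same_format and prev.content != ev.content
                    and not ev.user_copy and ev.t - prev.t <= window):
                alerts.append({
                    "format": fmt_cur,
                    "original": prev.content,
                    "replaced_with": ev.content,
                    "at": ev.t,
                })
        prev = ev
    return alerts


# Constructed sample timeline. The first Bitcoin address is the well-known
# genesis-block address; the "attacker" addresses are made-up strings that
# merely match the format.
SAMPLE_EVENTS = [
    ClipboardEvent(0.0, "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa", True),
    ClipboardEvent(0.2, "1AttackerAddrXyz7Q2bN9vK4mR3sT6wHp", False),   # swap
    ClipboardEvent(30.0, "meeting notes for Tuesday", True),            # benign text
    ClipboardEvent(31.0, "0x1111111111111111111111111111111111111111", True),
    ClipboardEvent(31.1, "0x2222222222222222222222222222222222222222", False),  # swap
    ClipboardEvent(40.0, "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq", True),  # user copy
]


def run_demo():
    """Run the detector over the constructed timeline and return its alerts."""
    return detect_clipper(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_demo():
        print(f"[{alert['at']:>5.1f}s] {alert['format']} address replaced: "
              f"{alert['original']} -> {alert['replaced_with']}")
```

Wiring this to a live system means polling the clipboard (or subscribing to its change notification) and feeding each change in as an event; the same comparison is also what a user can do by hand, which is why the advice to check the pasted address against the copied one works against this malware family.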
For more definitions, check out our Cyber Dictionary.