Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud.
Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim's clipboard activity and steal sensitive data a user copies, including replacing cryptocurrency addresses with those under an attacker's control.
In doing so, digital asset transfers initiated on a compromised system are routed to a rogue wallet instead of the intended destination address.
"In clipping and switching, a cryware monitors the contents of a user's clipboard and uses string search patterns to look for and identify a string resembling a hot wallet address," the tech giant noted way back in 2022. "If the target user pastes or uses CTRL + V into an application window, the cryware replaces the object in the clipboard with the attacker's address."
Binance, in an advisory issued on September 13, 2024, said it has been tracking a widespread malware threat that intercepts data stored in the clipboard with an aim to swap out cryptocurrency wallet addresses.
"The issue has seen a notable spike in activity, particularly on August 27, 2024, leading to significant financial losses for affected users," the exchange said. "The malware is often distributed through unofficial apps and plugins, especially on Android and web apps, but iOS users should also remain vigilant."
There is evidence to suggest that these malicious apps are inadvertently installed by users when searching for software in their native languages or through unofficial channels, primarily due to restrictions in their countries.
The company also said it's taking steps to blocklist the attacker addresses to prevent further fraudulent transactions, and that it has notified affected users, advising them to check for signs of suspicious software or plugins.
Besides urging users to refrain from downloading software from unofficial sources, Binance is calling for exercising caution when it comes to installing apps and plugins and ensuring they are authentic.
Blockchain analytics firm Chainalysis revealed last month that aggregate illicit activity on-chain has dropped by nearly 20% year-to-date, although stolen funds inflows nearly doubled from $857 million to $1.58 billion.
"Scammers for the most part continue to pivot away from broad-based ponzi schemes to more targeted campaigns like pig butchering, work from home scams, drainers, or address poisoning," it said, adding it observed a "rise in the use of Chinese language marketplaces and laundering networks."
According to the U.S. Federal Bureau of Investigation (FBI), 2023 was a record year for cryptocurrency fraud, with total losses exceeding $5.6 billion, a 45% increase compared to the previous year.
"The exploitation of cryptocurrency was most pervasive in investment scams, where losses accounted for almost 71% of all losses related to cryptocurrency. Call center frauds, including tech/customer support scams and government impersonation scams, accounted for about 10% of losses associated to cryptocurrency," the FBI Internet Crime Complaint Center (IC3) said.
A vast majority of the losses with a cryptocurrency nexus originated from the U.S., followed by Cayman Islands, Mexico, Canada, the U.K., India, Australia, Israel, Germany, and Nigeria.