Binance Issues Warning Over Rising Clipper Malware Attacks Targeting Users
Cryptocurrency exchange Binance has issued a global advisory warning of an increasing threat from clipper malware, also known as ClipBankers. The malware is specifically targeting cryptocurrency users, with the aim of facilitating financial fraud by redirecting digital asset transfers to rogue wallets. The advisory, issued on September 13, 2024, highlights the growing risk of clipper malware, which monitors clipboard activity on a compromised system to replace copied cryptocurrency addresses with those controlled by attackers.
Clipper malware, classified by Microsoft as a form of "cryware," is designed to monitor the contents of a user’s clipboard and detect cryptocurrency wallet addresses. When a user copies and pastes an address, typically through keyboard shortcuts like CTRL + V, the malware replaces the copied address with one belonging to the attacker. As a result, any cryptocurrency transfers are routed to the rogue wallet instead of the intended recipient.
Source: The Hacker News
Binance's advisory noted that this particular form of attack has spiked in activity, particularly on August 27, 2024, leading to significant financial losses for affected users. The malware is primarily spread through unofficial apps and plugins, with Android users at heightened risk. However, Binance also cautioned iOS users to remain vigilant. The threat is exacerbated by users inadvertently installing malicious apps when searching for software in their native languages or using unofficial channels due to restrictions in their countries.
In response, Binance has taken steps to blocklist addresses linked to the attackers and has notified affected users, advising them to check for suspicious software or plugins on their devices. The exchange has urged users to avoid downloading software from unofficial sources and to exercise caution when installing apps or plugins, ensuring their authenticity.
The rise in clipper malware comes amid broader concerns about cryptocurrency-related fraud. Blockchain analytics firm Chainalysis recently reported a nearly 20% drop in overall illicit activity on-chain in 2024. However, stolen funds inflows have surged, nearly doubling from $857 million to $1.58 billion. Chainalysis has also observed a shift in scammers’ tactics, with a focus on more targeted campaigns like "pig butchering" and address poisoning, alongside increased activity on Chinese-language marketplaces.
The U.S. Federal Bureau of Investigation (FBI) has also raised concerns about the growing exploitation of cryptocurrency, particularly in investment scams. According to the FBI’s Internet Crime Complaint Center (IC3), cryptocurrency-related losses surpassed $5.6 billion in 2023, marking a 45% increase from the previous year. Investment scams accounted for nearly 71% of these losses, followed by call center frauds and government impersonation scams.
Read More
Latest
