This malicious Google Notes extension just wants to sneakily steal all your crypto

Wait 5 sec.

McAfee flags “Silent Swap,” a malicious Chromium extension disguised as Google Notes that secretly hijacks crypto transactionsIt works as a clipboard jacker, swapping copied wallet addresses with attacker‑controlled ones so victims unknowingly send funds to criminalsResearchers advise always cross‑checking full wallet strings before sending, as attackers can craft lookalike addresses differing only in a few charactersResearchers have found yet another extension for Chromium-based browsers that is designed solely to steal people’s hard-earned cryptocurrency.A report from McAfee has sounded the alarm on Silent Swap, a piece of malware hiding inside a benign-looking Google Notes extension.Victims who stumble upon and download it (most likely through phishing, social engineering, or shady forums and websites), will get an extension that, on the surface, works as intended. It shows a small window where the victim can type a note and save it. They can color-code the notes and search through saved ones. However, this was only made to hide the program’s true intentions, which are to steal cryptocurrency.Hijacking the clipboardSilent Swap works like a typical clipboard jacker. It monitors the clipboard for strings that look like a crypto wallet - seemingly random strings of 26 to 42 alphanumeric characters. When it spots one, it replaces it with a different one belonging to the attacker, so when the victim pastes the address into the wallet to send the funds, they are actually sending them to the address belonging to the attackers.This works because crypto wallets are almost impossible to memorize, and too risky to type in from a piece of paper or a different document, forcing users to rely on copying and pasting. Once the victim sends the funds, they are almost certainly irretrievably gone. Only if the funds are being sent from a centralized exchange (like Coinbase, for example), and if the victim spots the attack fast enough, can they ask the exchange’s support to freeze the transaction. In all other cases, once the money is sent, it’s gone.The best way to defend against these attacks is to cross-reference the strings before hitting send. Some people would only check the first and last few characters, but security researchers don’t recommend it, because some clipboard jackers can generate addresses that only differ in a few characters.