Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

Cryptocurrency exchange Binance is warning of a "ongoing" worldwide attack that's targeting cryptocurrency users with clipper malware with the purpose of aiding financial theft.

Clipper malware, sometimes dubbed ClipBankers, is a form of malware that Microsoft labels cryware, which comes with capabilities to monitor a victim's clipboard activity and steal sensitive data a user copies, including changing cryptocurrency addresses with ones under an attacker's control.

In doing so, digital asset transactions launched on a hacked system are sent to a rogue wallet instead of the original destination address.

"In clipping and switching, a cryware monitors the contents of a user's clipboard and uses string search patterns to look for and identify a string resembling a hot wallet address," the tech giant said way back in 2022. "If the target user pastes or uses CTRL + V into an application window, the cryware replaces the object in the clipboard with the attacker's address."

Binance, in an alert released on September 13, 2024, said it has been following a broad malware threat that intercepts data saved in the clipboard with an intent to switch out cryptocurrency wallet addresses.

"The issue has seen a notable spike in activity, particularly on August 27, 2024, leading to significant financial losses for affected users," the exchange added. "The malware is often distributed through unofficial apps and plugins, especially on Android and web apps, but iOS users should also remain vigilant."

There is evidence to show that these dangerous programs are mistakenly installed by users while looking for software in their local languages or via unauthorized channels, especially owing to limitations in their country.

The business also stated it's taking efforts to blocklist the attacker addresses to prevent additional fraudulent transactions, and that it has alerted impacted customers, encouraging them to search for indicators of strange software or plugins.

Besides asking users to avoid from downloading software from unapproved sources, Binance is advocating for exercising care when it comes to installing applications and plugins and confirming they are real.

Blockchain analytics company Chainalysis stated last month that aggregate illegal activity on-chain has declined by about 20% year-to-date, however stolen cash inflows nearly quadrupled from $857 million to $1.58 billion.

"Scammers for the most part continue to pivot away from broad-based ponzi schemes to more targeted campaigns like pig butchering, work from home scams, drainers, or address poisoning," it said, adding it noted a "rise in the use of Chinese language marketplaces and laundering networks."

According to the U.S. Federal Bureau of Investigation (FBI), 2023 was a record year for cryptocurrency fraud, with total losses topping $5.6 billion, a 45% increase compared to the previous year.

"The exploitation of cryptocurrencies was most common in investment schemes, where losses accounted for roughly 71% of all losses connected to cryptocurrency. Call center frauds, including tech/customer support scams and government impersonation scams, accounted for around 10% of losses connected to bitcoin," the FBI Internet Crime Complaint Center (IC3) reported.

A overwhelming majority of the losses with a cryptocurrency nexus emanated from the U.S., followed by Cayman Islands, Mexico, Canada, the U.K., India, Australia, Israel, Germany, and Nigeria.