Malicious Browser Extension Steals Cryptocurrency Wallet Addresses
Cryptocurrency users are being targeted by a malicious browser extension called 'Google Notes' that replaces wallet addresses during transactions. The malware, known as clipper malware, is delivered through a malicious extension installed on Chromium-based browsers.
The extension presents itself as a note-taking tool but secretly monitors and alters copied cryptocurrency wallet addresses before they are pasted into payment fields. It operates by requesting broad permissions, including access to all websites, browsing history, and the clipboard, which are unusual for a note-taking application.
The attackers have implemented a remote control method that retrieves command server domains from public blockchain smart contracts, making detection and blocking more challenging.




