What is CryptoWallet Clipper Malware?

Crypto is all the rage lately. That much is obvious both from the amounts of money that crypto moves and from the empty GPU shelves in computer part stores. Of course, with that popularity comes an increased volume of malware that targets crypto in some way.

One of the types of malicious software targeting crypto users is called cryptowallet malware or wallet clipper malware. This category comprises malicious tools that are used to monitor the clipboard on infected systems.

The clipboard monitoring functionality allows the malware to intercept wallet strings placed in the clipboard. When a cryptowallet clipper victim is about to make a legitimate transaction and copies the recipient's wallet string to the clipboard, the malware quietly intercepts the original wallet string, then replaces it inside the clipboard with the string of a wallet that is controlled by the malware's operators.

In this way, the victim ends up transferring funds into the criminals' wallet instead of the wallet of the intended recipient.
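The swap described above leaves a recognizable pattern in a stream of clipboard-change events: one wallet string followed almost immediately by a different wallet string of the same type. The following detection sketch is an added example, not code from the original article. It assumes a hypothetical event feed of `(timestamp, text)` pairs, a 2-second window, and shape-only address patterns (no checksum validation); the sample events are constructed.

```python
import re

# Shape-only patterns for common public address formats (no checksum validation).
PATTERNS = {
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "bitcoin_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "bitcoin_base58": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
}

def wallet_kind(text):
    """Return the address family the clipboard text looks like, or None."""
    candidate = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.match(candidate):
            return kind
    return None

def find_swaps(events, window_s=2.0):
    """Flag a wallet string replaced by a different one of the same family.

    events: time-ordered (timestamp_seconds, clipboard_text) pairs.
    window_s: assumed maximum delay between the copy and the swap.
    """
    alerts = []
    prev = None  # (timestamp, text, kind) of the last wallet-like content
    for ts, text in events:
        kind = wallet_kind(text)
        if kind is None:
            prev = None  # non-wallet content breaks the sequence
            continue
        value = text.strip()
        if prev and kind == prev[2] and value != prev[1] and ts - prev[0] <= window_s:
            alerts.append({"time": ts, "kind": kind, "copied": prev[1], "now": value})
        prev = (ts, value, kind)
    return alerts

# Constructed sample data: placeholder addresses, not real wallets.
ETH_A, ETH_B = "0x" + "a" * 40, "0x" + "b" * 40
BTC_A = "1" + "A" * 33
SAMPLE_EVENTS = [
    (0.0, "hello"),
    (10.0, ETH_A), (10.3, ETH_B),   # replaced 0.3 s after the copy: flagged
    (60.0, ETH_A), (120.0, ETH_B),  # user copies another address a minute later
    (200.0, BTC_A), (200.1, ETH_A), # different address family: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

The same comparison can be done by hand: after pasting, check the pasted wallet string against the one that was copied before confirming the transaction.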

Wallet clipper malware can sneak onto a system in a number of ways, arriving as the final payload of any of a number of malicious droppers. Its low profile and under-the-radar activity, which leaves barely any footprint on the system, can also make it particularly difficult to detect and remove.

June 8, 2022