Fake “Google Notes” Browser Extension Caught Swapping Crypto Wallet Addresses
ID: 8dbe1d7c-aa59-51ac-b979-40bd6ad41e3f
STIX ID: report--8dbe1d7c-aa59-51ac-b979-40bd6ad41e3f
Feed Name: HackRead
McAfee researchers uncovered a malicious Chromium browser extension masquerading as a 'Google Notes' note-taking app that functions as a crypto-clipper: it monitors the clipboard for cryptocurrency wallet addresses and swaps them before users paste, causing irreversible fund loss. The attackers deploy the extension via unsigned installers that alter browser preference files to bypass store approval, retrieve active backend domains from a public blockchain smart contract, and have a global footprint (notably concentrated in India). McAfee recommends validating wallet address characters across devices, installing extensions only from official stores, removing unknown extensions, reviewing permissions, avoiding unsigned downloads, and keeping security software active.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
