A new report out by Naked Security, a blog produced by the cybersecurity firm Sophos has surfaced which discusses how certain malware on your machine could be editing copy and pasted wallet addresses for the financial gain of others.
Let me set the scene.
You’re about to purchase some Bitcoin, and need to enter the receiving address. You copy the address from a document onto your clipboard, ready to paste the address into the box ready for the Bitcoin to be sent. Of course, by copy and pasting, you can be sure you don’t miss a letter or a digit and thus, can be sure that you enter the correct address.
However, behind the scenes you have installed a malicious programme that can access your clipboard. The programme is able to read your address, set up a new wallet at a similar address and then change your copied address into its own new address.
So, for example, say your address is ABC123 (this is fictional remember) the malware can find your address, make a new wallet with a similar address, in this instance A8C123 (fictional again) then change your copied text to A8C123. You then go on and paste the malicious address and send your newly purchased Bitcoin to it.
Unless you look really closely, you’re not going to notice the address change, are you?
You can see the full report for yourself, here.
How can you protect yourself from this happening?
Firstly, you need to stop trusting the copy and paste system. If you use it, check that what you copied is the same as what you have pasted. Or, enter the required data manually, this way you can guarantee you won’t be affected by this sort of malicious software. Next, never copy and paste private or sensitive data, this includes passwords and private keys, simply because the software is also able to read what’s on the clipboard, if you’re password is on there, it’s likely going to be exposed.
You should use an up to date, recognised anti-virus software.
Keep your machines up to date, avoid dodgy links from dodgy emails and remain vigilant. Realistically you can’t even keep yourself totally safe from this sort of crime, at the very least though, if you proceed with caution and act in a safe manner online, you will go a long way in limiting the risk to yourself and your personal data/assets.