Binance analysts warn of a global spread of malware that replaces transaction addresses
The exchange’s security service began blacklisting suspicious addresses and collecting information from victims
16.09.2024 - 09:50
What’s new? Analysts at Binance, the world’s largest centralized crypto exchange (CEX), said there have been numerous incidents of malware capable of changing the withdrawal address during the transaction process. They urged caution in installing plugins and apps, including web versions and versions for Android and iOS devices.
What else is known? Binance emphasized that the exchange’s security team is dealing with the issue and is actively blacklisting suspicious addresses.
The software detected by analysts is of the clipper type: such programs intercept data from the clipboard, and in this case they target crypto wallet addresses.
When a user copies and pastes a wallet address to transfer cryptocurrency, the malware replaces the original address with the one specified by the attacker. The cryptocurrency is sent to the attacker's wallet if the user completes the transfer without noticing the change.
Malware is often spread through unofficial apps and plugins, especially on Android and web versions, but analysts say iOS users should also remain vigilant.
Many victims mistakenly install such programs when searching for software in their native language or through unofficial channels, often due to restrictions in their countries.
In addition to blacklisting suspicious addresses, the exchange notifies victims of the malware and recommends that they check their devices. Victims are also asked for details about the incidents, which will help identify specific programs.
Binance experts urged users not to install applications from unofficial sources, to check addresses thoroughly before making transactions, and to use antivirus software.
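The address check recommended above can be automated on the wallet or client side. The following is an added example, not code from Binance or from the original article: it compares the address the user copied with the one that arrived in the withdrawal field and flags a swap, including the case where the replacement shares its first and last characters with the original and would pass a quick visual check. The function names, verdict strings and sample addresses are assumptions constructed for illustration, and the patterns check format only, not checksums.

```python
import re

# Coarse format patterns for common address families (no checksum validation).
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "evm": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_family(text):
    """Return the address family the text looks like, or None."""
    text = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return family
    return None

def normalise(text, family):
    # EVM addresses are hex; letter case only carries an optional checksum.
    text = text.strip()
    return text.lower() if family == "evm" else text

def check_paste(copied, pasted, edge=4):
    """Compare what the user copied with what landed in the withdrawal field."""
    fam_c, fam_p = address_family(copied), address_family(pasted)
    if fam_c is None:
        return "source-not-an-address"
    if fam_p is None:
        return "altered"                  # pasted text is no longer an address
    a, b = normalise(copied, fam_c), normalise(pasted, fam_p)
    if a == b:
        return "ok"
    # A different but well-formed address: the clipper pattern described above.
    if a[:edge] == b[:edge] and a[-edge:] == b[-edge:]:
        return "replaced-lookalike"       # would survive a first/last-chars check
    return "replaced"

# Constructed sample values, not real wallets.
COPIED = "0x12ab" + "0" * 32 + "9f3c"
LOOKALIKE = "0x12ab" + "7" * 32 + "9f3c"
OTHER = "1" + "A" * 33

if __name__ == "__main__":
    for candidate in (COPIED, LOOKALIKE, OTHER, "hello"):
        print(candidate[:12], "->", check_paste(COPIED, candidate))
```

Any verdict other than `ok` should block the transfer and prompt the user to re-enter the address from a trusted source.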
In August, information security company Check Point discovered software with a similar mechanism of action called Styx Stealer. The creator under the nickname Sty1x lives in Turkey and distributes the program on a paid monthly or perpetual subscription basis.
In the same month, Microsoft said a group of hackers from North Korea used a zero-day vulnerability in the Chromium web browser to steal cryptocurrencies.
Last year, antivirus developer ESET discovered trojans embedded in the WhatsApp and Telegram messengers that could spoof crypto wallet addresses and extract seed phrases to gain access to them.