Binance analysts warn of a global spread of malware that replaces transaction addresses
The exchange’s security service began blacklisting suspicious addresses and collecting information from victims
16.09.2024 - 09:50
What’s new? Analysts at Binance, the world’s largest centralized crypto exchange (CEX), said there have been numerous incidents of malware capable of changing the withdrawal address during the transaction process. They urged caution in installing plugins and apps, including web versions and versions for Android and iOS devices.
What else is known? Binance emphasized that the exchange’s security team is dealing with the issue and is actively blacklisting suspicious addresses.
The software detected by the analysts is a clipper: a type of program that intercepts clipboard data and, in this case, targets crypto wallet addresses.
When a user copies and pastes a wallet address to transfer cryptocurrency, the malware replaces the original address with the one specified by the attacker. The cryptocurrency is sent to the attacker's wallet if the user completes the transfer without noticing the change.
Malware is often spread through unofficial apps and plugins, especially on Android and web versions, but analysts say iOS users should also remain vigilant.
Many victims mistakenly install such programs when searching for software in their native language or through unofficial channels, often due to restrictions in their countries.
In addition to blacklisting suspicious addresses, the exchange notifies victims of the malware and recommends that they check their devices. Victims are also asked for details about the incidents, which will help identify specific programs.
Binance experts urged users not to install applications from unofficial sources, to check addresses thoroughly before making transactions, and to use antivirus software.
In August, information security company Check Point discovered software with a similar mechanism of action called Styx Stealer. Its creator, who uses the nickname Sty1x, lives in Turkey and distributes the program on a paid monthly or perpetual subscription basis.
In the same month, Microsoft said a group of hackers from North Korea used a zero-day vulnerability in the Chromium web browser to steal cryptocurrencies.
Last year, antivirus developer ESET discovered trojans embedded in the WhatsApp and Telegram messengers that could spoof crypto wallet addresses and extract seed phrases to gain access to them.