The Silent Swap crypto clipper is a recently identified malicious browser extension that intercepts cryptocurrency transactions by tampering with the clipboard. It poses as a fake Google Notes extension and steals digital assets by replacing copied wallet addresses with addresses controlled by the attackers. The malware is spread through unsigned .NET and Golang installers from unverified sources, avoiding official app stores and manipulating browser security settings to install itself silently.
It employs a unique command-and-control mechanism known as EtherHiding, making it resilient against detection. Victims, primarily from India, experience immediate losses upon transaction confirmation without any chance of recovery. Best practices for defense include verifying wallet addresses, installing browser extensions from official sources, and regularly reviewing app permissions.
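One way to carry out the extension review recommended above, as an added example that is not part of the original article: a Python audit that flags extensions not installed from the Chrome Web Store which also request clipboard permissions or inject content scripts into every site. The finding names, the heuristics and the sample manifests are assumptions constructed for illustration; the article does not document the malicious extension's actual manifest.

```python
import json
from pathlib import Path

# Update endpoint the Chrome Web Store writes into manifests it distributes.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
CLIPBOARD_PERMS = {"clipboardRead", "clipboardWrite"}
BROAD_MATCHES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest: dict) -> list[str]:
    """Return review findings for one parsed manifest.json (heuristics, not verdicts)."""
    findings = []
    if manifest.get("update_url") != WEBSTORE_UPDATE_URL:
        findings.append("not-from-web-store")
    declared = manifest.get("permissions", []) + manifest.get("optional_permissions", [])
    perms = {p for p in declared if isinstance(p, str)}  # skip non-string entries
    if perms & CLIPBOARD_PERMS:
        findings.append("clipboard-permission")
    for script in manifest.get("content_scripts", []):
        if BROAD_MATCHES & set(script.get("matches", [])):
            findings.append("content-script-on-all-sites")
            break
    return findings

def audit_extensions_dir(ext_dir: Path) -> dict[str, list[str]]:
    """Audit every <id>/<version>/manifest.json under a profile's Extensions folder.

    Reports only extensions that are both off-store and clipboard- or page-capable.
    """
    report = {}
    for path in sorted(ext_dir.glob("*/*/manifest.json")):
        manifest = json.loads(path.read_text(encoding="utf-8"))
        findings = audit_manifest(manifest)
        if "not-from-web-store" in findings and len(findings) > 1:
            report[f"{path.parts[-3]} ({manifest.get('name', '?')})"] = findings
    return report

# Constructed sample manifests (not taken from the real malware).
SIDELOADED = {"name": "Notes helper (constructed)", "manifest_version": 3,
              "permissions": ["clipboardRead", "clipboardWrite", "storage"],
              "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]}
STORE_INSTALLED = {"name": "Store extension (constructed)", "manifest_version": 3,
                   "update_url": WEBSTORE_UPDATE_URL, "permissions": ["storage"]}

if __name__ == "__main__":
    print(audit_manifest(SIDELOADED))       # all three findings
    print(audit_manifest(STORE_INSTALLED))  # no findings
```

`audit_extensions_dir` assumes Chrome's `Extensions/<id>/<version>/manifest.json` profile layout; an extension loaded from another folder can be checked by passing its parsed manifest to `audit_manifest` directly.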