securityonline.info 7/3/2026, 10:51:23 AM · external

Fake Google Notes extension hijacks crypto via clipboard swap

Fake Google Notes extension hijacks crypto via clipboard swap
CyberSIXT Evidence Panel Source marked as original reporting

THE Silent Swap crypto clipper is a malicious browser extension recently identified that intercepts cryptocurrency transactions by tampering with the clipboard. It operates as a fake Google Notes extension, stealing digital assets by replacing copied wallet addresses with those controlled by attackers. The malware is spread through unsigned .NET and Golang installers from unverified sources, avoiding official app stores and manipulating browser security settings to install itself silently.

It employs a unique command-and-control mechanism known as EtherHiding, making it resilient against detection. Victims, primarily from India, experience immediate losses upon transaction confirmation without any chance of recovery. Best practices for defense include verifying wallet addresses, installing browser extensions from official sources, and regularly reviewing app permissions.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline