Cybersecurity · June 30, 2026 · via The Hacker News

Silent Swap Malware Steals Crypto via Fake Google Notes Extension


Cybercriminals are deploying a sophisticated cryptocurrency clipper malware named Silent Swap that quietly swaps wallet addresses during transactions—without the user noticing. Security researchers at McAfee Labs have identified an active campaign distributing the malware through unsigned installers, including versions written in .NET and Golang. The threat actors are leveraging a counterfeit Google Notes browser extension to carry out their attacks, tricking victims into sending funds to attacker-controlled wallets instead of their intended recipients.

How Silent Swap Operates Under the Hood

The malware operates by monitoring clipboard activity for cryptocurrency wallet addresses. When a user copies a valid wallet address to paste into a transaction, Silent Swap intercepts the clipboard data and replaces it with a fraudulent address controlled by the attackers. This substitution happens in real time, making the theft nearly undetectable to the victim. The use of unsigned installers complicates detection, as these files are not signed by legitimate developers and can bypass some security checks.

The campaign’s reliance on a fake Google Notes extension highlights a growing trend in malware delivery: impersonating popular productivity tools to gain user trust. By mimicking a familiar interface, attackers increase the likelihood of successful installation and prolonged operation before detection. Researchers note that both .NET and Golang variants of the installer have been observed, suggesting a flexible and evolving threat.

Protecting Yourself Against Silent Swap

Users should remain cautious when installing browser extensions, especially those purporting to be from well-known services like Google Notes. Verifying the extension’s publisher, checking user reviews, and avoiding unsigned downloads can reduce exposure to such threats. Additionally, enabling clipboard monitoring tools or wallet address verification features in cryptocurrency platforms may help detect unauthorized changes before funds are sent. As always, keeping security software up to date remains a critical defense against emerging malware campaigns.
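As an added illustration of the clipboard monitoring mentioned above (example code written for this page, not taken from McAfee Labs or The Hacker News), the sketch below scans a timeline of clipboard snapshots and flags the moment one wallet-shaped string is replaced by a different one of the same kind. The address patterns, the one-second window, and the names `address_kind` and `find_swaps` are assumptions of the example, and the sample values are constructed.

```python
import re

# Address shapes are an assumption of this example; the article does not say
# which currencies the campaign targets.
ADDRESS_SHAPES = {
    "btc-legacy": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{39,59}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_kind(text):
    """Return the shape name if the whole string looks like an address."""
    for kind, pattern in ADDRESS_SHAPES.items():
        if pattern.fullmatch(text.strip()):
            return kind
    return None

def find_swaps(events, window=1.0):
    """events: time-ordered (seconds, clipboard_text) snapshots.
    Flag an address replaced by a different address of the same kind within
    `window` seconds, faster than a person re-copies (threshold is assumed)."""
    alerts, prev = [], None
    for ts, text in events:
        text, kind = text.strip(), address_kind(text)
        if prev and kind and prev[2] == kind and prev[1] != text \
                and ts - prev[0] <= window:
            alerts.append({"at": ts, "kind": kind, "copied": prev[1], "now": text})
        prev = (ts, text, kind)
    return alerts

# Constructed sample values: right shape, not real wallets.
ETH_A = "0x" + "a1" * 20
ETH_B = "0x" + "b2" * 20
BTC_A = "1" + "A" * 30
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, ETH_A),   # user copies the recipient address
    (10.3, ETH_B),   # replaced 0.3 s later: flagged
    (50.0, ETH_A),
    (55.0, ETH_B),   # different address 5 s later: outside the window
    (60.0, BTC_A),
    (60.4, ETH_B),   # different kind: not a like-for-like swap
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

A timing heuristic like this only raises a flag; comparing the pasted address character by character against the intended recipient before sending remains the decisive check.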


Source: The Hacker News. AI-assisted editorial synthesis — TechnoExpress.
