Malicious Google Notes Extension Swaps Crypto Wallet Addresses
A malicious browser extension named 'Google Notes' targets cryptocurrency users by swapping wallet addresses during transactions. This clipper malware is delivered through unsigned installers on Chromium-based browsers, making detection difficult. The extension masquerades as a note-taking tool while monitoring and altering copied wallet addresses. It operates by requesting extensive permissions, including access to all websites and the clipboard, which are atypical for such applications. McAfee researchers identified the extension, which has a global impact, particularly in India, where a higher concentration of affected users has been noted. The malware retrieves command server domains from public blockchain smart contracts, complicating detection efforts. Users are advised to verify wallet addresses, install extensions only from official sources, and maintain device protection.
Key Points:
• The 'Google Notes' extension swaps cryptocurrency wallet addresses during transactions.
• It is delivered via unsigned installers and operates on Chromium-based browsers.
• Users are advised to verify wallet addresses and only install extensions from official sources.
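
One way to check installed extensions for the permission combination described above (access to all websites together with the clipboard). This is an added example, not code from the article or from McAfee; the `<root>/<id>/<version>/manifest.json` directory layout, the function names and the sample manifests are assumptions constructed for illustration.

```python
import json
from pathlib import Path

# Host patterns that grant access to every site, and the clipboard permissions
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
CLIPBOARD = {"clipboardRead", "clipboardWrite"}
PERM_KEYS = ("permissions", "optional_permissions",
             "host_permissions", "optional_host_permissions")

def audit_manifest(manifest):
    """Report the broad-host and clipboard grants a manifest declares."""
    declared = set()
    for key in PERM_KEYS:
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # content_scripts "matches" patterns also give the extension page access
    for script in manifest.get("content_scripts", []):
        declared.update(m for m in script.get("matches", []) if isinstance(m, str))
    broad = sorted(declared & BROAD_HOSTS)
    clip = sorted(declared & CLIPBOARD)
    return {"name": manifest.get("name", "?"), "broad_hosts": broad,
            "clipboard": clip, "flagged": bool(broad and clip)}

def scan_extensions(root):
    """Audit every <root>/<id>/<version>/manifest.json (assumed layout)."""
    findings = []
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        result = audit_manifest(manifest)
        result["id"] = path.parent.parent.name  # extension id directory
        findings.append(result)
    return findings

# Constructed sample manifests (not taken from the extension in the article)
SAMPLE_SUSPICIOUS = {"manifest_version": 3, "name": "Example Notes",
                     "permissions": ["storage", "clipboardRead", "clipboardWrite"],
                     "host_permissions": ["<all_urls>"]}
SAMPLE_BENIGN = {"manifest_version": 3, "name": "Plain Notes",
                 "permissions": ["storage"]}

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPICIOUS, SAMPLE_BENIGN):
        print(audit_manifest(sample))
```

A flagged entry is a lead for manual review, since legitimate extensions can also hold both grants.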