New “Silent Swap” Malware Campaign Targets XRP and BTC via Fake Google Extension

TL;DR:

  • McAfee Advanced Threat Research discovered the malware campaign dubbed “Silent Swap.”
  • The malicious software uses a fake Google Notes extension on Chromium browsers.
  • The campaign has infected a high volume of systems worldwide, with infections concentrated in India.

Cybersecurity researchers at McAfee detected Silent Swap, a sophisticated malware campaign designed to divert Bitcoin and XRP transfers by manipulating Chromium-based browsers. According to the company’s technical report, the attackers intercept the user’s clipboard and replace legitimate wallet addresses with addresses controlled by the operators.

The initial infection occurs through the download of modified installers. The McAfee report details that these executables, written in .NET or Golang, are typically distributed under the guise of free programs or cracked versions of commercial software.

Once the user runs the installer, the malicious component deploys automatically to local storage. The technical report specifies that this process directly alters the internal configuration files of the victim’s browser.

Advanced Evasion and Persistence Techniques

The malware injects an extension that poses as a legitimate “Google Notes” tool. According to McAfee’s data, the malware evades the standard defenses of browsers like Chrome, Microsoft Edge, Brave, and Opera by autonomously recalculating the security verification values that these browsers expect once their internal files have been modified.

“The fake extension grants itself invasive permissions within the system once installed,” the cybersecurity firm’s report indicates.
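Because the browser's own verification values are recalculated by the malware, extensions are better audited from outside the browser. The following is an added example, not McAfee's tooling or code from the report: it scans extension manifests on disk and flags the combination described above (a sideloaded extension using a Google name with clipboard and all-site access). The permission names checked and the three-signal threshold are assumptions, since the article does not list the extension's actual permissions.

```python
import json
from pathlib import Path

# update_url values of stores you trust; Edge and Opera stores use their own URLs.
TRUSTED_UPDATE_URLS = {"https://clients2.google.com/service/update2/crx"}
CLIPBOARD_PERMS = {"clipboardRead", "clipboardWrite"}   # assumed signal
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def _strings(value):
    """Keep only string items; manifests on disk are untrusted input."""
    return {v for v in value if isinstance(v, str)} if isinstance(value, list) else set()

def audit_manifest(manifest):
    """Return the list of suspicious signals found in one parsed manifest."""
    name = str(manifest.get("name", ""))
    perms = _strings(manifest.get("permissions"))              # MV2 mixes hosts in here
    hosts = perms | _strings(manifest.get("host_permissions"))  # MV3 host list
    scripts = manifest.get("content_scripts")
    for script in scripts if isinstance(scripts, list) else []:
        if isinstance(script, dict):
            hosts |= _strings(script.get("matches"))
    reasons = []
    if manifest.get("update_url") not in TRUSTED_UPDATE_URLS:
        reasons.append("no trusted store update_url (sideloaded)")
        if "google" in name.lower():
            reasons.append(f"sideloaded but named like a Google product: {name!r}")
    clip = sorted(perms & CLIPBOARD_PERMS)
    if clip:
        reasons.append("clipboard access: " + ", ".join(clip))
    if hosts & BROAD_HOSTS:
        reasons.append("runs on every site")
    return reasons

def audit_dir(root, threshold=3):
    """Flag manifest.json files under root that show `threshold` or more signals."""
    findings = {}
    for path in sorted(Path(root).rglob("manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            reasons = audit_manifest(manifest) if isinstance(manifest, dict) else None
        except (OSError, ValueError):
            reasons = None
        if reasons is None:
            findings[str(path)] = ["manifest unreadable or malformed"]
        elif len(reasons) >= threshold:
            findings[str(path)] = reasons
    return findings
```

Point `audit_dir` at a browser profile's extension folder or at any directory where unpacked extensions may have been dropped; a manifest can imitate a store `update_url`, so treat a clean result as a heuristic, not proof.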

Unlike traditional clipper-type trojans, which contain fixed addresses within their code, this system utilizes a dynamic infrastructure. When the code detects that the user has copied an address matching the patterns for BTC, ETH, XRP, Bitcoin Cash, or Dash, it queries the attacker’s server directly.

McAfee analysts point out that the server returns an alternative address in real time that matches the detected cryptocurrency. This mechanism makes tracking difficult for security analysts due to the constant rotation of the receiving wallets.
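Since the replacement address is fetched per request and rotates, a blocklist of known attacker wallets does not catch this behaviour, but comparing what was copied with what arrives at the paste target does. The following is an added example, not code from the McAfee report: it flags a paste whose address has the same coin format as the copied one but a different value. The patterns are format-only approximations (no checksum validation) and the function names are hypothetical.

```python
import re

B58 = "1-9A-HJ-NP-Za-km-z"   # base58 character class (no 0, O, I, l)
B32 = "02-9ac-hj-np-z"       # bech32 / CashAddr character class
# Format-only patterns for the coins the article lists.
PATTERNS = {
    "BTC": re.compile(rf"[13][{B58}]{{25,34}}|bc1[{B32}]{{11,71}}"),
    "ETH": re.compile(r"0x[0-9a-fA-F]{40}"),
    "XRP": re.compile(rf"r[{B58}]{{24,34}}"),
    "BCH": re.compile(rf"(?:bitcoincash:)?[qp][{B32}]{{41}}"),
    "DASH": re.compile(rf"X[{B58}]{{33}}"),
}

def classify(text):
    """Return the coin whose address format the whole text matches, else None."""
    s = text.strip()
    return next((coin for coin, pat in PATTERNS.items() if pat.fullmatch(s)), None)

def normalise(text, coin):
    """Canonical form, so the same address written differently compares equal."""
    s = text.strip()
    if coin == "ETH":
        return s.lower()                       # checksum casing is not significant
    if coin == "BCH":
        return s.removeprefix("bitcoincash:")  # the prefix is optional
    return s

def check_paste(copied, pasted):
    """Compare the copied text with what actually reached the paste target."""
    src, dst = classify(copied), classify(pasted)
    if src is None:
        return "not-an-address"
    if dst == src and normalise(copied, src) == normalise(pasted, dst):
        return "ok"
    if dst == src:
        return "swapped"   # same coin, different address: the clipper signature
    return "changed"       # address was replaced by something else entirely
```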

The attack infrastructure does not rely on static domains either. According to McAfee’s documentation, the operators employ a technique known as “EtherHiding,” which allows them to conceal command and control (C2) instructions within smart contracts on publicly accessible blockchain networks.

The firm’s geographical analysis determined that the campaign has a global reach, with an especially high volume of compromised systems identified in India during the monitoring phases of the first half of this year.
