- McAfee Reports “Silent Swap,” a Malicious Chromium Extension Disguised as Google Notes That Secretly Hijacks Crypto Transactions
- It functions like a clipboard hijacker, swapping copied wallet addresses with those controlled by the attacker so that victims unknowingly send funds to criminals.
- Researchers advise always verifying full wallet strings before sending them, as attackers can create similar addresses differing by only a few characters.
Researchers have discovered another extension for Chromium-based browsers, designed solely to steal users’ hard-earned cryptocurrency.
A report from McAfee has raised the alarm about Silent Swap, malware hidden inside a seemingly harmless Google Notes extension.
Victims who stumble across it and download it (most likely through phishing, social engineering, or shady forums and websites) will get an extension that, on the surface, works as expected. It displays a small window where the victim can enter a note and save it. They can color-code notes and search through saved ones. However, this was only done to hide the program’s true intentions, which are to steal cryptocurrency.
Hijack the clipboard
Silent Swap works like a typical clipboard hijacker. It monitors the clipboard for strings that resemble a crypto wallet – seemingly random strings of 26 to 42 alphanumeric characters.
When it spots one, it replaces it with another belonging to the attacker. So when the victim pastes the address into the wallet to send the funds, they are actually sending them to the address belonging to the attackers.
This works because crypto wallets are almost impossible to remember and too risky to enter from a piece of paper or other document, forcing users to resort to copy and paste.
Once the victim sends the funds, they are almost certainly irretrievably gone. Only if the funds are sent from a centralized exchange (like Coinbase, for example) and the victim detects the attack quickly enough can they ask the exchange’s support to freeze the transaction. In all other cases, once the money is sent, it disappears.
The best way to defend against these attacks is to cross channels before hitting send. Some people only check the first and last characters, but security researchers don’t recommend this because some clipboard hijackers can generate addresses that differ by only a few characters.

The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.




