Grafa
Silent Swap malware targets Bitcoin and XRP

  • Cybersecurity researchers at McAfee uncovered "Silent Swap", a malware campaign that replaces copied cryptocurrency wallet addresses with attacker-controlled addresses.
  • The malware targets Bitcoin, Ethereum, XRP, Bitcoin Cash, Dash and other cryptocurrencies through a malicious browser extension.
  • Researchers said the campaign uses advanced techniques to evade browser security and dynamically retrieve replacement wallet addresses from remote servers.

McAfee researchers identified a cryptocurrency-stealing malware campaign called Silent Swap that targets users of Bitcoin (CRYPTO:BTC), Ethereum (CRYPTO:ETH), XRP (CRYPTO:XRP), Bitcoin Cash (CRYPTO:BCH), Dash (CRYPTO:DASH) and other digital assets by replacing copied wallet addresses with attacker-controlled ones.

The campaign typically begins when users download malicious .NET or Golang installers disguised as legitimate or cracked software, which then install a browser extension posing as a "Google Notes" application.

McAfee Advanced Threat Research said Silent Swap bypasses Chromium browser security checks by modifying configuration files and recalculating security verification values after injecting its code.

The malicious extension monitors copied cryptocurrency wallet addresses and queries an attacker-controlled backend server for replacement addresses instead of relying on hardcoded wallet information, while using EtherHiding techniques to conceal its command-and-control infrastructure.

Researchers said the malware affects Chromium-based browsers including Google Chrome, Microsoft Edge, Brave and Opera by granting itself extensive browser permissions after installation.
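A defender-side triage for the extension behaviour described above, as an added example that is not from McAfee's report or this article: it walks a Chromium profile's preferences JSON and flags extensions that were not installed from the web store and hold clipboard or all-site access. The `extensions.settings` layout and the `from_webstore`, `manifest` and `active_permissions` keys are assumptions about the profile format, and the sample data is constructed.

```python
import json

# API permissions and host patterns that allow reading or rewriting copied text on any site.
CLIPBOARD_APIS = {"clipboardRead", "clipboardWrite"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(prefs):
    """Flag extensions not installed from the web store that hold clipboard
    or all-site access. Assumed layout: extensions.settings.<id> entries."""
    findings = []
    for ext_id, entry in prefs.get("extensions", {}).get("settings", {}).items():
        if entry.get("from_webstore", False):
            continue  # store-installed; out of scope for this triage
        manifest = entry.get("manifest", {})
        active = entry.get("active_permissions", {})
        declared = {p for p in manifest.get("permissions", []) +
                    manifest.get("host_permissions", []) if isinstance(p, str)}
        apis = (set(active.get("api", [])) | declared) & CLIPBOARD_APIS
        hosts = (set(active.get("explicit_host", [])) |
                 set(active.get("scriptable_host", [])) | declared) & BROAD_HOSTS
        reasons = sorted(apis) + sorted(hosts)
        if reasons:
            findings.append({
                "id": ext_id,
                # Sideloaded extensions may have no cached manifest; fall back to the path.
                "name": manifest.get("name") or entry.get("path", "<unknown>"),
                "reasons": reasons,
            })
    return findings

# Constructed sample, not taken from a real profile or from the McAfee report.
SAMPLE_PREFS = {"extensions": {"settings": {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
        "from_webstore": False, "path": "/tmp/example/notes",
        "manifest": {"name": "Google Notes", "permissions": ["clipboardRead", "tabs"]},
        "active_permissions": {"api": ["clipboardRead", "clipboardWrite", "tabs"],
                               "explicit_host": ["<all_urls>"]}},
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
        "from_webstore": True,
        "manifest": {"name": "Example Store Extension", "permissions": ["clipboardWrite"]},
        "active_permissions": {"api": ["clipboardWrite"]}},
    "cccccccccccccccccccccccccccccccc": {
        "from_webstore": False,
        "manifest": {"name": "Example Dev Tool", "permissions": ["storage"]}},
}}}

if __name__ == "__main__":
    import sys
    prefs = SAMPLE_PREFS
    if len(sys.argv) > 1:  # optional: path to a profile's preferences JSON file
        with open(sys.argv[1], encoding="utf-8") as fh:
            prefs = json.load(fh)
    for finding in audit_extensions(prefs):
        print(finding)
```

Findings are a starting point for manual review: built-in or developer-loaded extensions can also lack the web store flag.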

Unlike traditional crypto clipper malware, Silent Swap combines browser manipulation, decentralised command-and-control infrastructure and server-side wallet mapping to make detection more difficult.

McAfee said the campaign has infected users globally, with a particularly high concentration of victims reported in India.

At the time of reporting, the Bitcoin price was $59,891.56.
