Cryptocurrency users are being targeted by a malicious browser extension named “Google Notes” that replaces wallet addresses during transactions. This type of attack, known as clipper malware, is delivered through a malicious extension installed on Chromium-based browsers. This campaign uses unsigned installers to bypass normal installation processes, making it harder for users to detect. The extension presents itself as a note-taking tool but secretly monitors and alters copied cryptocurrency wallet addresses before they are pasted into payment fields, based on information published by HackRead.The “Google Notes” extension, identified by McAfee researchers, operates by requesting broad permissions, including access to all websites, browsing history, and the clipboard, which are unusual for a note-taking application. It bypasses standard browser store approval by directly modifying browser preference files, allowing it to load without the user’s explicit consent, especially on older Chromium-based browsers where developer mode might be exploited. Once active, the malware scans copied text for wallet formats associated with major cryptocurrencies such as Bitcoin, Ethereum, Bitcoin Cash, Ripple, and Dash. The attackers have also implemented a remote control method that retrieves command server domains from public blockchain smart contracts, making detection and blocking more challenging.McAfee telemetry indicated a global spread, with India showing a higher concentration of affected users, suggesting an opportunistic campaign against consumer cryptocurrency users worldwide. To mitigate risks, users are advised to verify wallet addresses carefully, install extensions only from official stores, review permissions, avoid unsigned software, and maintain active device protection.Source: HackRead



















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































