New “Silent Swap” Malware Campaign Targets XRP and BTC via Fake Google Extension

July 3, 2026

  • McAfee Advanced Threat Research discovered the malware campaign dubbed “Silent Swap.”
  • The malicious software uses a fake Google Notes extension on Chromium browsers.
  • The campaign has produced a high volume of infections worldwide, concentrated in India.

Cybersecurity researchers at McAfee detected Silent Swap, a sophisticated malware campaign designed to divert Bitcoin and $XRP transfers by manipulating Chromium-based browsers. According to the company’s technical report, the attackers intercept the user’s clipboard and replace legitimate wallet addresses with addresses controlled by the operators.

The initial infection occurs through the download of modified installers. The McAfee report details that these executables, written in .NET or Golang, are typically distributed under the guise of free programs or cracked versions of commercial software.

Once the user runs the installer, the malicious component deploys automatically into local storage. The technical report specifies that this process directly alters the internal configuration files of the victim’s browser.

Advanced Evasion and Persistence Techniques

The malware injects an extension that poses as a legitimate “Google Notes” tool. According to McAfee’s data, the malware evades the standard defenses of browsers such as Chrome, Microsoft Edge, Brave, and Opera by autonomously recalculating the security verification values that these browsers require once their internal files have been modified.

“The fake extension grants itself invasive permissions within the system once installed,” the cybersecurity firm’s report indicates.

Unlike traditional clipper trojans, which carry fixed addresses in their code, this one relies on dynamic infrastructure. When the code detects that the user has copied an address matching the patterns for BTC, ETH, $XRP, Bitcoin Cash, or Dash, it queries the attacker’s server directly.

McAfee analysts point out that the server returns an alternative address in real time that matches the detected cryptocurrency. This mechanism makes tracking difficult for security analysts due to the constant rotation of the receiving wallets.
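
Because the replacement is a valid address for the same coin, a format check on the pasted value passes; only a comparison with the value that was copied exposes the swap. The JavaScript below is an added example, not code from McAfee's report or from this article: the regular expressions are loose format checks, and the event log and sample addresses are constructed for illustration.

```javascript
// Loose format checks for the coins the article lists (no checksum validation).
const ADDRESS_PATTERNS = [
  ["BTC", /^(?:bc1[02-9ac-hj-np-z]{11,71}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$/],
  ["ETH", /^0x[0-9a-fA-F]{40}$/],
  ["XRP", /^r[1-9A-HJ-NP-Za-km-z]{24,34}$/],
  ["BCH", /^(?:bitcoincash:)?[qp][02-9ac-hj-np-z]{41}$/],
  ["DASH", /^X[1-9A-HJ-NP-Za-km-z]{33}$/],
];

function classifyAddress(text) {
  const value = String(text).trim();
  const hit = ADDRESS_PATTERNS.find(([, pattern]) => pattern.test(value));
  return hit ? hit[0] : null;
}

// Compare what the user copied with what arrived in the destination field.
function checkPaste(copied, pasted) {
  const coin = classifyAddress(copied);
  if (coin === null) return { verdict: "not-an-address", coin: null };
  if (String(copied).trim() === String(pasted).trim()) return { verdict: "match", coin };
  // A replacement of the same coin type still passes any format check, so
  // only the comparison against the copied value reveals it.
  const verdict = classifyAddress(pasted) === coin ? "swapped-same-coin" : "changed";
  return { verdict, coin };
}

// Walk copy/paste events in order and report pastes that differ from the last copy.
function auditEvents(events) {
  const alerts = [];
  let lastCopy = null;
  events.forEach((event, index) => {
    if (event.type === "copy") { lastCopy = event.text; return; }
    if (event.type !== "paste" || lastCopy === null) return;
    const result = checkPaste(lastCopy, event.text);
    if (result.verdict === "swapped-same-coin" || result.verdict === "changed") {
      alerts.push({ index, ...result });
    }
  });
  return alerts;
}

// Constructed sample values: shaped like addresses, not real wallets.
const USER_BTC = "1" + "UserWa11et".repeat(3);
const USER_XRP = "r" + "UserWa11et".repeat(3);
const OTHER_XRP = "r" + "SwappedXyz".repeat(3);
const SAMPLE_EVENTS = [
  { type: "copy", text: USER_BTC }, { type: "paste", text: USER_BTC },
  { type: "copy", text: USER_XRP }, { type: "paste", text: OTHER_XRP },
  { type: "copy", text: "meeting notes" }, { type: "paste", text: "meeting notes" },
];
console.log(auditEvents(SAMPLE_EVENTS));
```
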

The attack infrastructure does not rely on static domains either. According to McAfee’s documentation, the operators employ a technique known as “EtherHiding,” which allows them to conceal command and control (C2) instructions within smart contracts on publicly accessible blockchain networks.

The firm’s geographical analysis determined that the campaign has global reach, with an especially high volume of compromised systems identified in India during the monitoring phases of the first half of this year.
