Cryptocurrencies provide holders with full control over their finances — for better and for worse.
Though cryptocurrencies give users full sovereignty over their assets and enable a great deal of financial freedom, this also leaves them responsible for the security of their funds. Deposit insurance schemes like the Financial Services Compensation Scheme or FDIC's Deposit Insurance don’t apply to cryptocurrencies.
Likewise, cryptocurrency transactions are generally irreversible, making recovery extraordinarily unlikely in most cases.
As a result, cryptocurrency holders are prime targets for hackers, scammers and crooks that would like nothing more than to separate you from your hard-earned funds.
Now, there’s a new type of malware on the loose, which iterates on the common address swap attack to form a particularly nasty and difficult-to-detect threat.
How Does It Work?
First uncovered by LocalMonero in October, the malware takes the form of a trojan that is loaded to the device through a dubious extension. Once installed, the malware will swap the address of the victim to an attacker-controlled address whenever they perform a purchase or transaction on their wallet.
The result being any funds are transferred to the hacker's wallet rather than the intended recipient.
Though this would usually be simple to detect by double-checking the address before submitting the transaction, the malware manages to execute the address swap in such a way that the switch is hidden from the user until it’s too late.
As detailed in the original Reddit post, the malware is loaded in the user's system after they inadvertently install a seemingly innocuous extension to their Chromium-based browser. In this case, the malware is disguised as a Google Sheets extension, but it's possible it has now been concealed within other types of extensions.
It is highly likely that this malware can be adapted to attack other cryptocurrencies and wallets, hence it’s now even more important to grasp the basics of crypto security.
Avoiding Address Swap Attacks
The malware currently uses JavaScript to carry out its effects — hence disabling JavaScript can neutralize it and reduce your browser’s attack surface. This can be easily achieved in the settings for most Chromium-based browsers.
Here’s the action flow for disabling it in native Chrome.
1. Open settings.
2. Search “Javascript.”
3. Click “Site Settings” under the Private and Security section.
4. Select the “Don’t allow sites to use Javascript” option.
As of writing, the malware only affects the LocalMonero peer-to-peer exchange, but it is highly likely that it is already being adapted to work with other exchanges, wallets and brokers.
Likewise, the malware currently only infects Windows devices, it has not been found on macOS, Android or iOS.
Besides disabling JavaScript, there are several other simple steps you can use to minimize your risk of falling victim to similar attacks. These include:
1. Never download, click or install add-ons, plugins, software or files from untrusted sources.
2. Perform a small test transaction before buying, selling or withdrawing cryptocurrencies from wallets/exchanges.
3. Use a hardware wallet. These allow you to double-check the recipient address on a non-tamperable external screen before you agree to process the transaction.
For a full rundown of popular hardware wallets currently available, see our recent list
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators. This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice. The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap. CoinMarketCap is not responsible for the success or authenticity of any project, we aim to act as a neutral informational resource for end-users.
