Implementing A Clipboard Malware For Cryptocurrency Wallets

Scenario

Consider we are having three Bitcoin users (Alice and Bob) and a malicious user (Eve). Since Alice, Bob, and Eve are Bitcoin users, they all own a Bitcoin wallet. Each Bitcoin wallet consists of a Bitcoin address.

Implementation

Now that we have explained the general plan of the attack, let’s see how we will implement this malware.

getClipboard()

First, we have the getClipboard() function, which is going to read the clipboard buffer. We assign a variable called data, where we store the content of the clipboard by using the .paste() method.

getClipboard() function

setClipboard()

setClipboard() function takes over the control of the clipboard and changes the data that is stored in it. First, we determine our Bitcoin address as a parameter in the .copy method. The .copy method copies a value in the clipboard buffer, which in our case this value is our Bitcoin address. Next, the .paste method will paste whatever is stored in the clipboard buffer.

setClipboard() function
Full script

Results

W now assume that we want to copy and paste Bob’s address, in order to send him an amount of Bitcoin. When we go to our wallet and paste this address, the address which is pasted is not Bob’s address but the address which has been determined in the script.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store