Rust-based clipboard hijacker that swaps wallet addresses
Malware Activity
Summary
Hide ▲
Show ▼
The Rust-based clipper is a Windows and macOS malware activity that replaces copied cryptocurrency wallet addresses with attacker-controlled destinations. It continuously watches the clipboard for wallet-pattern matches and swaps in addresses from a hard-coded list, diverting transfers. The payload is concealed inside Solana and Pump.fun sniper bots and crash-game predictors, increasing theft risk for cryptocurrency users.
Related Happenings
Ghost Networks crypto-clipper promotion campaign
Campaign
H score13
First: 17.06.2026 21:14
Last: 17.06.2026 21:14
Sources 1
How related:
The end goal of the campaign is to push a cryptocurrency clipboard hijacker that's concealed within Solana and Pump.fun sniper bots and crash-game predictors, suggesting that cryptocurrency asset holders and online gamblers on the hunt for shortcuts and quick profits are the targets.
About this happening:
The **unknown threat actor** is running an **active June 2026** cross-platform promotion campaign that uses fake reputation signals to push a **cryptocurrency clipboard hijacker**...
Ghost Networks crypto-clipper promotion campaign
CampaignHow related: The end goal of the campaign is to push a cryptocurrency clipboard hijacker that's concealed within Solana and Pump.fun sniper bots and crash-game predictors, suggesting that cryptocurrency asset holders and online gamblers on the hunt for shortcuts and quick profits are the targets.
About this happening: The **unknown threat actor** is running an **active June 2026** cross-platform promotion campaign that uses fake reputation signals to push a **cryptocurrency clipboard hijacker**...
NFCShare fake banking-app update phishing campaign
Campaign
H score40
First: 09.06.2026 01:11
Last: 09.06.2026 01:11
Sources 1
About this happening:
The **NFCShare** phishing campaign is using **fake banking-app updates** on **GitHub** to steal **payment card data** from customers of multiple banks across **Europe**, expanding...
NFCShare fake banking-app update phishing campaign
CampaignAbout this happening: The **NFCShare** phishing campaign is using **fake banking-app updates** on **GitHub** to steal **payment card data** from customers of multiple banks across **Europe**, expanding...
JINX-0164 cryptocurrency recruitment-lure campaign
Campaign
H score39
First: 28.05.2026 10:54
Last: 28.05.2026 10:54
Sources 1
About this happening:
A **JINX-0164** campaign is targeting **cryptocurrency firms** and developers with **LinkedIn recruiter lures**, a fake meeting-and-fix workflow, and **macOS malware** to steal cr...
JINX-0164 cryptocurrency recruitment-lure campaign
CampaignAbout this happening: A **JINX-0164** campaign is targeting **cryptocurrency firms** and developers with **LinkedIn recruiter lures**, a fake meeting-and-fix workflow, and **macOS malware** to steal cr...
SHub Reaper macOS infostealer variant
Malware Activity
H score23
First: 19.05.2026 00:42
Last: 19.05.2026 00:42
Sources 1
About this happening:
The **SHub Reaper** macOS infostealer now uses **AppleScript** and a fake **Apple security update** lure to infect Macs, raising the risk of credential theft and remote access. It...
SHub Reaper macOS infostealer variant
Malware ActivityAbout this happening: The **SHub Reaper** macOS infostealer now uses **AppleScript** and a fake **Apple security update** lure to infect Macs, raising the risk of credential theft and remote access. It...
Gremlin stealer modular toolkit evolution
Malware Activity
H score21
First: 15.05.2026 17:19
Last: 15.05.2026 17:19
Sources 1
About this happening:
The **Gremlin stealer** malware has expanded into a **modular toolkit** with **session-hijacking** and **crypto clipping** capabilities, raising the risk of credential theft and a...
Gremlin stealer modular toolkit evolution
Malware ActivityAbout this happening: The **Gremlin stealer** malware has expanded into a **modular toolkit** with **session-hijacking** and **crypto clipping** capabilities, raising the risk of credential theft and a...
Timeline
-
17.06.2026 21:14 2 articles · 1h ago
Check Point Research identifies a Rust-based clipboard hijacker that swaps cryptocurrency wallet addresses
Initial DisclosureCheck Point Research identifies an unknown threat actor using paid or promoted posts, fake accounts, and Ghost Networks to promote a Rust-based clipboard hijacker hidden in Solana and Pump.fun sniper bots and crash-game predictors. The malware targets Windows and macOS systems, continuously monitors the clipboard for cryptocurrency wallet address patterns, and replaces matched addresses with attacker-controlled ones from a hard-coded list, diverting digital assets from cryptocurrency users and online gamblers.
Show sources
- Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments — thehackernews.com — 17.06.2026 21:14
- Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments — thehackernews.com — 17.06.2026 21:14