Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Silent Swap browser-extension clipboard clipper

Malware Activity
First reported
Last updated
Happening score
H score 36
1 unique sources, 1 articles

Summary

Hide ▲

The Silent Swap malware activity now installs malicious Chromium extensions that intercept copied wallet addresses and reroute cryptocurrency transfers to attacker-controlled wallets, creating direct financial-loss risk for affected users. The activity also steals other clipboard-derived secrets and hides behind a benign-looking Google Notes extension. It uses unsigned .NET and Golang installers and browser tampering to load silently across Chromium-based browsers.

Related Happenings

Silent Swap browser-extension crypto-theft campaign

Campaign
H score36 First: 30.06.2026 18:40 Last: 30.06.2026 18:40 Sources 1

How related: Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction.

About this happening: The **Silent Swap** campaign is replacing copied cryptocurrency wallet addresses with attacker-controlled ones, creating a risk of permanent financial loss for **crypto users**. I...

Open Happening

Search for perplexity ai malicious Chrome extension

Malware Activity
H score29 First: 29.06.2026 21:40 Last: 29.06.2026 21:40 Sources 1

About this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...

Open Happening

Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension

Technical Analysis
H score23 First: 25.06.2026 17:12 Last: 25.06.2026 17:12 Sources 1

About this happening: A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...

Open Happening

Edgecution malicious Microsoft Edge extension backdoor activity

Malware Activity
H score23 First: 24.06.2026 23:58 Last: 24.06.2026 23:58 Sources 1

About this happening: The **Edgecution** malware is extending a **Microsoft Edge** browser foothold into host-level compromise by abusing **Chrome Native Messaging** and launching a **Python-based back...

Open Happening

Torg Grabber browser-extension theft activity

Malware Activity
H score36 First: 25.03.2026 20:32 Last: 25.03.2026 20:32 Sources 1

About this happening: The **Torg Grabber** infostealer is actively stealing data from **850 browser extensions**, including **728 cryptocurrency wallet extensions**, which raises the risk of account ta...

Open Happening

Timeline

  1. 30.06.2026 18:40 2 articles · 2h ago

    Silent Swap browser extension replaces copied wallet addresses

    Initial Disclosure

    McAfee Labs flagged Silent Swap, an active browser-extension campaign that uses unsigned .NET and Golang installers to deploy a malicious Chromium extension masquerading as Google Notes. The extension intercepts wallet addresses copied into the clipboard and replaces them with attacker-controlled values to divert cryptocurrency, while EtherHiding is used to resolve active C2 details and browser preference-file tampering helps the extension persist and load silently across Chromium-based browsers. Telemetry indicates infections are globally distributed, with a higher concentration in India and additional victims in the U.S., Brazil, Indonesia, and Spain.

    Show sources
    Open in new tab