Imagine your clipboard gets compromised - what's the worst that could happen?
Clipboard hijacking malware exploits the fact that when making a crypto payment you usually copy (Ctrl + C) the payment address and then paste (Ctrl + V) it into your wallet. The malware watches everything that lands on your clipboard and runs it through a set of regular expressions matching the formats of crypto wallet addresses.
If something matches, it swaps that address for one of the same type that the attacker controls. When you hit paste, the attacker's address goes into the wallet instead of the intended one, and you send your crypto to cyber criminals without noticing.
However, the basic version of clipboard hijacking is easy to counter: you compare the address you pasted with the one you meant to copy. This is what a wallet address looks like: 0x983907410272C502Fdb12506D313f6DDabDc3C6F. Checking all 40 hex characters takes a while, and since the address is effectively random there is no pattern to remember, so most people only compare the last few characters. It is the same with phone numbers: you remember a few digits and that is enough to recognise who is calling. Against a clipper that always swaps in the same fixed attacker address, this quick check is enough.
But clipboard hijacking has mutated. Laplas Clipper counters this counter. It is sold on hacker forums as a subscription for $59 per month, theft-as-a-service, so to speak. In return, the criminals get a web interface where they can generate the executable, see their infections and manage the wallets the stolen funds go to.
Laplas Clipper makes sure to replace wallet addresses with an address where the last few characters are identical, dramatically increasing the chance that even if you checked these last few characters, you wouldn't notice that it's a completely different address.
It probably uses something like Vanitygen to precompute a large database of wallet addresses, together with the private keys that control them, and then picks the entry that matches the victim's address. An Ethereum address is 40 hex characters, so there are only 16^4 = 65,536 possible 4-character endings: a table with one key pair per ending covers every address a victim could copy. (Random key generation does not produce each ending exactly once; by the coupon-collector estimate you generate roughly 65,536 × ln(65,536) ≈ 760,000 keys before every ending has shown up at least once.) Matching the first 4 and the last 4 characters, 8 characters in all, raises this to 16^8 ≈ 4.3 billion entries. That is still within reach: at 52 bytes per entry (32-byte private key plus 20-byte address) it is a few hundred gigabytes, and a lookup keyed on those 8 characters is a millisecond indexed SQL query.
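To make the mechanism concrete, here is a small Python simulation. It is added to this article and is not Laplas's code or derived from any analysis of it. It shows the regex matching on the clipper's side, a precomputed table keyed on the last four hex characters and the substitution it enables, and two checks on the defender's side: the last-few-characters shortcut, which the lookalike passes, and the full comparison recommended further down, which catches it. The addresses in the table are random 160-bit values standing in for real key pairs, the regular expressions are my own rather than the malware's, and the Bitcoin addresses in the demo are constructed test inputs.

```python
import random
import re
from math import fsum

# Address patterns of the kind a clipper runs over the clipboard.
# These are constructed for the example; the page does not list Laplas's own patterns.
ETH_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
BTC_LEGACY_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")   # base58: no 0, O, I, l
BTC_BECH32_RE = re.compile(r"\bbc1[02-9ac-hj-np-z]{39,59}\b")          # bech32: no 1, b, i, o
ADDRESS_RES = {"eth": ETH_RE, "btc_legacy": BTC_LEGACY_RE, "btc_bech32": BTC_BECH32_RE}


def find_addresses(text):
    """Return [(kind, address), ...] for every address-shaped token in text."""
    return [(kind, m.group(0)) for kind, rx in ADDRESS_RES.items() for m in rx.finditer(text)]


def build_lookalike_table(pool_size, n_suffix=4, seed=1):
    """Attacker side: generate pool_size addresses and index them by their last
    n_suffix hex digits. Addresses are random 160-bit values here (simulation,
    an assumption of this example); a real clipper derives each one from a
    private key it controls. The first address seen per suffix is kept."""
    rng = random.Random(seed)
    table = {}
    for _ in range(pool_size):
        addr = "0x" + format(rng.getrandbits(160), "040x")
        table.setdefault(addr[-n_suffix:], addr)
    return table


def clip_substitute(clipboard_text, table, n_suffix=4):
    """Clipper side: replace each ETH address with a table entry sharing its suffix.
    Leaves the address alone when no lookalike exists (a basic clipper would
    substitute one fixed address instead)."""
    def swap(m):
        victim = m.group(0)
        return table.get(victim[-n_suffix:].lower(), victim)
    return ETH_RE.sub(swap, clipboard_text)


def suffix_check(intended, pasted, n=4):
    """The shortcut described in the text: compare only the last n characters."""
    return intended[-n:].lower() == pasted[-n:].lower()


def full_check(intended, pasted):
    """The check that catches a lookalike: compare every character."""
    return intended.lower() == pasted.lower()


def expected_draws_for_full_coverage(n_suffix):
    """Expected number of random addresses before every one of the 16**n_suffix
    suffixes has appeared at least once (coupon collector: N * H_N)."""
    n = 16 ** n_suffix
    return n * fsum(1.0 / k for k in range(1, n + 1))


if __name__ == "__main__":
    table = build_lookalike_table(200_000)
    intended = "0x983907410272C502Fdb12506D313f6DDabDc3C6F"   # address shown in the text
    pasted = clip_substitute(intended, table)
    print("intended :", intended)
    print("pasted   :", pasted)
    print("last-4 check passes:", suffix_check(intended, pasted))
    print("full check passes  :", full_check(intended, pasted))
    print("random keys needed to cover all 4-char endings: %.0f"
          % expected_draws_for_full_coverage(4))
```

With a 200,000-entry table there is still a few percent chance that a given ending is missing, which is exactly why the coupon-collector figure (about 760,000 draws for full coverage of 4 characters) matters to the attacker; with the real table the pasted address differs from the intended one in the first 36 characters and `suffix_check` reports no problem.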
How can you protect yourself from such an attack:
Compare the whole wallet address, character by character, not just the beginning and the end.
Save the addresses you interact with in the address book of your wallet interface (MetaMask, Ledger Live, etc.) and pay from there instead of pasting.
Use a separate Linux system (e.g. a live USB) only for transactions; this shrinks the attack surface available to malware.
Use Peanut Protocol to generate payment links; they are claimable directly through MetaMask, so no clipboard hijacking is possible. Let me know if you decide to use it. Hugo and I have built it.
Good luck out there!