MEDIUMVulnerability
Global

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

·Source: The Hacker News

Updated:

Executive Summary

Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction. The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs. "The campaign is delivered through unsigned installers – observed in both .NET and Golang variants – that

Analysis

Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction. The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs. "The campaign is delivered through unsigned installers – observed in both .NET and Golang variants – that
Source Attribution

Originally published by The Hacker News on Jun 30, 2026.

Related Threats