Breaking News

Beware of the Clipboard Malware

Do not use the Clipboard for Bitcoin addresses!

Please watch out for “Trojan.Coinbitclip” and there may be maybe more around. The idea here is that computers and phones can get infected in the clipboard (the small part that does the copy paste function). This can come from many sources but likely from a program or app installed that does some extra stuff. It looks for the bitcoin type address and replaces it with its own. So you copy yours or someone you want to send to and the clipboard sees it and changes it to theirs. The money transfer will then be to the wrong place and the coins are gone!

More often than we thought, people are using the clipboard for transfering their Bitcoin address to another app. Let's reiterate why this is dangerous:

Any app on your phone can read or write the clipboard without any permission. It would be trivial for a malicious app to listen for Bitcoin addresses and replace them by your own address, stealing all coins from that payment. If you compare addresses to protect against this, you need to compare more than just a few digits!

Whenever possible, please use the QR code or NFC to initiate payments. If need to receive coins from web sites, ask them to implement scanning QR codes using your webcam or even support NFC (there is JavaScript APIs for both). The BIP70 payment protocol is waiting for you since almost 1 year -- please use it!

If you want to send your Bitcoin address by mail or message, use the Share button on the Request coins screen. If you want to receive coins from a locally installed app (e.g. another wallet), use the Request from local app action in the options menu. If all else fails, you need to manually type the Bitcoin address to stay on the safe side.

By the way, this issue affects all other platforms as well, not only Android.
HJ Banayat

HJ Banayat

No comments:

Post a Comment

© 2014. Compumatrix and Networks International, Inc. Powered by Blogger.