Silent Swap Crypto Clipper: Fake Google Notes Steals Wallet Addresses
Emily Davis ยท
Listen to this article~4 min
McAfee Labs uncovered Silent Swap, a crypto clipper campaign using a fake Google Notes extension to swap wallet addresses. Unsigned installers deliver the threat, targeting crypto users in the US.
If you're into crypto, you know that one wrong click can cost you everything. A new threat called Silent Swap is making that risk even scarier. Cybersecurity researchers at McAfee Labs caught this browser extension campaign that quietly swaps out wallet addresses while you're trying to send funds. It's a nasty trick, and it's already out there.
So how does it work? The bad guys create a fake Google Keep Notes extension. It looks legit, like something you'd actually install. But once it's in your browser, it waits. When you copy a wallet address to send crypto, the extension swaps it with the attacker's address. You think you're paying someone, but your money goes straight to a thief. It's called a clipper, and it's been around for a while, but this version is more polished.
### The Silent Swap Campaign
McAfee Labs gave it the name Silent Swap because it operates quietly. The campaign uses unsigned installers, which means they don't have proper digital signatures. That's a red flag right there. The researchers found two versions: one built with .NET and another using Golang. Both do the same thingโreplace wallet addresses without you noticing.
Here's a breakdown of what makes this dangerous:
- **Stealth mode**: The extension blends in with real Google tools, so you don't suspect anything.
- **Real-time swapping**: It watches your clipboard and swaps addresses the moment you copy one.
- **No signature needed**: Unsigned installers bypass some security checks, making them harder to block.
This isn't just a theory. People have lost real money to these clippers. The best defense is to double-check every address before hitting send. But even that can be tough if you're not paying attention.
### Why This Matters for Crypto Users
Crypto transactions are irreversible. Once you send funds, there's no undo button. That's why clippers like Silent Swap are so effective. They prey on trust and speed. You think you're being careful by copying an address, but the extension is one step ahead. It's a reminder that browser extensions aren't always safe, even if they look official.
To protect yourself, stick to hardware wallets and verified extensions. Avoid installing anything from unknown sources. And always verify the address you're sending toโmaybe even send a small test amount first. It's a hassle, but it beats losing your savings.
### What You Can Do Right Now
McAfee Labs is tracking this campaign, but it's up to you to stay safe. Check your browser extensions regularly. Remove anything you don't recognize. If you see a Google Keep Notes extension that you didn't install, delete it immediately. Also, keep your antivirus software updated. It might catch these unsigned installers before they cause damage.
Silent Swap is a wake-up call. The crypto world moves fast, and scammers move faster. But with a little caution, you can stay ahead of them. Don't let a fake extension empty your wallet.
A deeper breakdown of GoLogin Review 2026 โ Fast, affordable anti-detect browser with cloud profiles - real examples, numbers, and what actually works.
A deeper breakdown of Undetectable.io Review 2026 โ Unlimited local profiles with solid fingerprint masking - real examples, numbers, and what actually works.