[geek_at]

kind of reminds me of the very subtle malware found in a modified version of a bitcoin wallet that would lay low but when you copy-paste a BTC address in the recepient field, the malware replaces the clipboard with their own address in hopes you don't check it twice

But only if the user has a high balance on their own wallet.

At least one person fell for this when they made a small test-transfer which went through but when they entered the higher BTC amount the recipient was replaced. Pretts smart and evil stuff

[waitforit]

At the last Advent of Code there was a person whose solution didn't pass because a part of their input was replaced by a dogecoin address

https://old.reddit.com/r/adventofcode/comments/zb98pn/2022_d...

[jsheard]

Also here, what appeared to be a bug in ImGuis clipboard handling turned out to be a crypto stealer

https://github.com/ocornut/imgui/issues/4029

[stravant]

It gets even better, those malware even dynamically generate replacement wallets, finding ones that have similar starting and ending characters to the target one so that the victim can't easily recognize that the wallet has been replaced.

[pluijzer]

Wow, that is nasty. I would actually fall for that, I never thought of double checking copy/pasted data, only in cases I copied something similar before and I want to make sure I really did press copy.

[blibble]

if you read the breakdown of the disassembly the minecraft malware does this too!