Binance Square

malwarebtc

BTC 92Master
⚠️ Urgent Security Warning: I found the Extension That Changed My Binance Deposit Address!

An extension installed in my browser intercepted and replaced the original Binance deposit address with a scam address and I lost some USDT assets as a result.

🧩 I’ve confirmed that the issue was caused by a malicious browser extension (“Save to Google Drive” v4.0.5), which had suspicious permissions:
"Read and change all your data on websites you visit"
"Modify clipboard data"
"Inject scripts"

When the extension is ON, the USDT (TRC20) deposit address shown on the official Binance website is replaced with this scam address: TCBbpHGoaTAkbkMgBYkg2N26ZHQ7RWVhA9

When the extension is OFF, the correct wallet address is shown: THzdVHx46GjiuE4gstvdUYcQHZEKQEzdoG

You can clearly see this behavior in the attached screenshots below.

💡 This confirms it’s a front-end malware injection attack—not a phishing site, but a browser extension hijacking live data on Binance's official website.

💡 Important Advice to All Binance Users:
✅ Always double-check your deposit address using a different device or the official Binance app.
✅ Use Binance desktop software if possible.
✅ Remove suspicious browser extensions, even if they seem legitimate.
✅ Record your original address generation screen and save it.

I hope Binance security team investigates such extension-based attacks and educates users on this growing threat.
Let’s protect each other.

Follow me to get similar security warnings!
$BANANAS31
$TON
$STRK

#CryptoScam #Binance #ScamAwareness #Malwareattack #malwarebtc
_LeoNix_:
So you’d rather lose all instead of losing some..??
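The first post above lists three permission prompts on the extension it blames. As an added example (not code from the post or from any extension), this Node.js audit flags manifests that pair all-site access with scripting or clipboard access; the manifest keys are assumed to correspond to the prompts the post quotes, and all sample manifests are constructed.

```javascript
// Added example: static audit of a browser extension's manifest.json.
// All manifests below are constructed samples, not any real extension's files.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

function auditManifest(manifest) {
  const perms = manifest.permissions || [];
  // MV3 puts host patterns in host_permissions; MV2 mixes them into permissions.
  const hosts = [...(manifest.host_permissions || []), ...perms];
  const matches = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);

  const findings = [];
  if (hosts.some((h) => BROAD.has(h))) findings.push("broad-host-access");
  if (matches.some((m) => BROAD.has(m))) findings.push("content-script-on-all-sites");
  if (perms.includes("clipboardWrite") || perms.includes("clipboardRead")) {
    findings.push("clipboard-access");
  }
  if (perms.includes("scripting")) findings.push("programmatic-script-injection");

  // A content script on every site can already rewrite what a page displays;
  // broad host access needs review once paired with scripting or clipboard access.
  const has = (f) => findings.includes(f);
  const review =
    has("content-script-on-all-sites") ||
    (has("broad-host-access") &&
      (has("clipboard-access") || has("programmatic-script-injection")));
  return { name: manifest.name, findings, review };
}

// Constructed sample manifests (hypothetical names).
const SAMPLES = [
  { manifest_version: 3, name: "constructed-risky",
    permissions: ["scripting", "clipboardWrite", "storage"],
    host_permissions: ["<all_urls>"] },
  { manifest_version: 3, name: "constructed-scoped",
    permissions: ["activeTab", "storage"],
    host_permissions: ["https://drive.google.com/*"] },
  { manifest_version: 2, name: "constructed-mv2-content-script",
    permissions: ["storage"],
    content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }] },
];

// Names of the extensions whose permission set warrants a manual review.
function auditAll(manifests) {
  return manifests.filter((m) => auditManifest(m).review).map((m) => m.name);
}

console.log(auditAll(SAMPLES));
```

A flagged manifest is a prompt for manual review, not proof of malice; many legitimate extensions request the same combination.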
🚨 SCAM ALERT – Malware Changed Binance Deposit Address

I recently lost some USDT because malware, most probably from a browser extension, changed my Binance TRC20 deposit address on the official Binance website.

Always double-check your deposit address from multiple devices (browser + mobile app or desktop app).

Remove ALL unknown browser extensions.

My fake address was: TCBbpHGoaTAkbkMgBYkg2N26ZHQ7RWVhA9 — not even linked to Binance.

Stay safe and share this to save others.
#CryptoScam #Binance #ScamAwareness #Malwareattack #malwarebtc

china malware attack btc

#malwarebtc Chinese printer maker spread Bitcoin stealing malware — Report
Chinese printer maker Procolored reportedly spread clipboard-hijacking Bitcoin malware via its official drivers in a supply chain attack that led to over $950,000 in stolen funds. Chinese printer manufacturer Procolored distributed Bitcoin-stealing malware alongside its official drivers, according to local media reports.

Chinese news outlet Landian News reported on May 19 that Shenzhen-based printer company Procolored has been distributing Bitcoin-stealing malware alongside official drivers. The company reportedly used USB drivers to distribute malware-ridden drivers and uploaded the compromised software to cloud storage for global download.

A total of 9.3 BTC worth over $953,000 have been stolen, according to the report. Crypto tracking and compliance firm Slow Mist described how the malware operates in a May 19 X post:

“The official driver provided by this printer carries a backdoor program. It will hijack the wallet address in the user’s clipboard and replace it with the attacker's address.”

YouTuber flags malware in Procolored drivers
Landian News recommended users who downloaded Procolored printer drivers in the past six months to “immediately perform a full system scan using antivirus software.” Still, given the hit or miss nature of antivirus software, a full system reset is always the better option when in doubt:

“Ideally, you should reinstall your operating system and thoroughly check old files.”
The issue was allegedly first reported by YouTuber Cameron Coward, whose antivirus software detected malware in the drivers while testing a Procolored UV printer. The software flagged the drive as containing a worm and a trojan virus named Foxif.


Cybersecurity company confirms crypto-stealing malware
When contacted, Procolored denied the claims and dismissed the antivirus tool flagging the drivers as a false positive. Coward turned to Reddit, where he shared the issue with cybersecurity professionals, attracting the attention of cybersecurity firm G-Data