PRINTER - A NEW THREAT TO CRYPTO CURRENCY WALLET 🚨
A new threat to cryptocurrency users has emerged in the form of a malicious printer driver, as reported by MistTrack, the cybersecurity division of SlowMist. This exploit allows attackers to hijack a user's clipboard, replacing copied cryptocurrency wallet addresses with their own.
The malicious driver, disguised as a legitimate printer driver, installs a backdoor program on the user's computer. Once installed, it monitors the clipboard for crypto wallet addresses. If a user copies a wallet address to send funds, the malware surreptitiously substitutes it with the attacker's address. If the user doesn't notice this change before pasting, the funds are then diverted to the attacker's wallet.
According to MistTrack's on-chain data, the attacker has already stolen over 9.3 Bitcoin, valued at nearly $1 million. The attacker's wallet has been active since 2016, with its most recent activity detected on March 14, 2024, and it is linked to multiple cryptocurrency exchanges.
This type of exploit, where malicious code is distributed through seemingly legitimate software installations, is not unprecedented. For example, CyberArk highlighted a similar malware called MassJacker in March 2025. While MassJacker also manipulated clipboard data to redirect cryptocurrency transactions, it used a vast number of unique addresses (over 750,000) and typically infiltrated systems through pirated software downloads, unlike the printer driver exploit which uses a recurring address.
