MistTrack recently revealed a new threat to the crypto space: a hijacking exploit hidden in printer drivers that steals funds from users' wallets.
In a recent post, SlowMist's cybersecurity division raised awareness of this relatively new and difficult-to-detect threat. Through the installed printer driver, a malicious backdoor program can hijack the user's clipboard and replace a copied crypto wallet address with the attacker's address.
“The official driver provided by this printer includes a backdoor program. It hijacks the wallet address of the user’s clipboard and replaces it with the address of the attacker,” the Web3 Cybersecurity Platform wrote.
According to MistTrack's on-chain data, the attacker stole at least 9.3086 Bitcoin (BTC) from dozens of on-chain addresses. Based on current prices, the stolen funds are worth nearly $1 million, or about $989,383.
The crypto wallet address has been active since April 22, 2016. Before the recent activity, the last on-chain transaction detected was on March 14, 2024, and was linked to multiple crypto exchanges.
How does the exploit work?
As MistTrack highlighted, hidden-malware cases like this arise when attackers distribute malicious code through programs that need to be installed on the user's hardware, such as laptops, computers, or mobile devices. In this case, the attacker inserted the backdoor program through a printer driver that appears to be legitimate.
Once installed, the driver monitors the user's clipboard (a temporary storage area where copied data is held) for a cryptocurrency wallet address. If a user copies what appears to be a crypto wallet address to send funds, the malware replaces it with the attacker's crypto wallet address.
If the user pastes what they believe to be the original crypto wallet address from the clipboard and does not notice the change, the funds are sent to the attacker's wallet instead of the intended recipient.
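The replacement described above leaves a recognizable trace: one address-shaped clipboard value is overwritten by a different address of the same type almost immediately after the copy. The following detection sketch is an added example, not code from MistTrack or SlowMist; it runs over a constructed clipboard timeline, and the two-second window, the function names and the sample addresses are assumptions made for illustration.

```python
import re

# Address shapes a clipboard hijacker watches for (public, well-known formats).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "btc_bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "eth": re.compile(r"0x[a-fA-F0-9]{40}"),
}

SWAP_WINDOW_SECONDS = 2.0  # assumption: a person rarely re-copies this quickly


def address_kind(text):
    """Return the address family of a clipboard value, or None."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return kind
    return None


def find_suspicious_swaps(samples, window=SWAP_WINDOW_SECONDS):
    """samples: time-ordered (seconds, text) pairs, one per clipboard change.

    Flags each point where an address is replaced by a different address
    of the same family within `window` seconds of being copied.
    """
    alerts = []
    for (t_prev, prev), (t_cur, cur) in zip(samples, samples[1:]):
        kind_prev, kind_cur = address_kind(prev), address_kind(cur)
        if kind_prev is None or kind_prev != kind_cur:
            continue  # not an address-to-address change of the same type
        if prev.strip() != cur.strip() and (t_cur - t_prev) <= window:
            alerts.append({"time": t_cur, "kind": kind_cur,
                           "copied": prev.strip(), "now": cur.strip()})
    return alerts


# Constructed clipboard timeline; every address here is made up.
SAMPLES = [
    (0.0, "meeting notes"),
    (10.0, "1RecipientAddrConstructed1111111"),
    (10.3, "1AttackerAddrConstructed22222222"),  # swapped 0.3 s after the copy
    (60.0, "0x" + "ab" * 20),
    (95.0, "0x" + "cd" * 20),  # user copied another address 35 s later
]

if __name__ == "__main__":
    for alert in find_suspicious_swaps(SAMPLES):
        print(alert)
```

Only the swap at 10.3 seconds is flagged; the second Ethereum address arrives 35 seconds after the first, which is consistent with a deliberate copy by the user.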
A similar exploit was highlighted in March 2025 by CyberArk, involving malware called MassJacker. The malware allowed the attacker to access the user's clipboard and change the original crypto wallet address, redirecting cryptocurrency transactions to an attacker-controlled wallet and effectively stealing funds from the victim's wallet.
Unlike the printer driver exploit, MassJacker used more than 750,000 unique addresses rather than reusing addresses. The malware was able to infiltrate users' hardware through pirated and cracked software downloaded from unofficial websites.


