Brave malware changing content of copied/pasted wallet address

Hi,

Recently noticed the copy clipboard for the wallet on Metamask is corrupted and always copies a specific wallet address that is not the one of my own wallet.

I’ve done all the trojan/malware scans I can, but nothing pops up. And when I do it on another browser, the issue disappears.

Somebody already mentioned this issue here: "My browser Brave got hacked - copy/past hack (metamask wallet)", and no devs even replied, which is pretty incredible considering how widely Metamask is used.

I’ll stop using Brave for now since I feel like all my other sensitive information might be at risk (Dashlane extension, etc.).

Edit: OK, after playing around a little more: this is not the Metamask clipboard specifically, but the clipboard generally, within Brave, that is hacked.

Even copy pasting something from an email recognizes the format of a wallet and then changes the content so that when you paste it it is a different address.

It is not Brave malware but general malware which has infected your device.

The Brave browser has nothing to do with it. (Probably) if you uninstall Brave and install a new MM on Chrome, the same thing will happen on Chrome. Or it has attached itself to the Brave browser as it was the default browser at the time or had a wallet installed.

Download https://malwarebytes and clean your device.

If it is still unable to do it, you will probably need to wipe your device altogether and then install a new Windows OS.

Or try to find new .exe programs you installed which might be malicious. Go into tab manager and try to find the process which is messing with your clipboard.

It’s not a browser specific issue and they can’t do much on it. This is about what extensions you install and any virus you may have picked up on your device. Just to show, this has been an ongoing issue even on other browsers:

https://www.reddit.com/r/Metamask/comments/o1bmac/why_when_i_copy_my_address_does_it_paste_a/

As all the above shows, it’s that you have a trojan virus that you’ve downloaded. When, where, and how is unknown. But it happens if you’re not cautious and don’t have good antivirus to help protect you. Remember that trojans and other types of viruses often will enter one way but then find their way through your device into multiple places. Obviously the target it would worm its way through is your OS clipboard and/or your browser(s).

Thanks for the clarification,

After further scanning with multiple anti-virus I managed to find the culprit.

Still, oddly enough, the issue was happening solely within Brave and not in other browsers nor within the rest of the Windows environment.

Either way it’s now fixed. I didn’t find any free anti virus that picked it up and had to use a paid version (in case somebody is having the same issue).

Yeah, they all find their way to different spots. I’m assuming you have Brave as your default browser, right? It’s possible it sniffed out that way just because of that setting and then set up camp. It also may just have been set up to try to sniff out anything that’s more Web 3.

Also, I’m not sure what would have happened if you had gone to brave://settings/privacy and then ran Safety Check.

It’s good to do every once in a while, especially if you end up adding or updating extensions and all.

I wasn’t aware of that safety check feature. Thanks for bringing it up, I’ll definitely run it on a regular basis from now on.
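
The clipboard swap described in this thread can be checked for at the operating-system level. The PowerShell below is an added example, not code from any poster: it places a constructed wallet-format string and a control string on the Windows clipboard, watches for replacement, and reports the process that owns the clipboard afterwards. The function names, canary values and 5-second watch window are assumptions, and it assumes the replacer matches on address format only.

```powershell
# Added example. Run in Windows PowerShell 5.1+ and do not copy anything while it runs.
Add-Type -Namespace Native -Name Clip -MemberDefinition @'
[DllImport("user32.dll")] public static extern IntPtr GetClipboardOwner();
[DllImport("user32.dll")] public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint processId);
'@

function Get-ClipboardOwnerProcess {
    # Window that last took ownership of the clipboard; the handle can be zero
    # if the writer opened the clipboard without a window.
    $hwnd = [Native.Clip]::GetClipboardOwner()
    if ($hwnd -eq [IntPtr]::Zero) { return $null }
    [uint32]$ownerPid = 0
    [void][Native.Clip]::GetWindowThreadProcessId($hwnd, [ref]$ownerPid)
    Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
}

function Test-ClipboardCanary {
    param([string]$Name, [string]$Value, [int]$WatchSeconds = 5)
    Set-Clipboard -Value $Value
    $deadline = (Get-Date).AddSeconds($WatchSeconds)
    while ((Get-Date) -lt $deadline) {
        Start-Sleep -Milliseconds 250
        $now = ([string](Get-Clipboard -Raw)).Trim()
        if ($now -cne $Value) {
            # Something rewrote the clipboard: record what and who owns it now.
            $owner = Get-ClipboardOwnerProcess
            return [pscustomobject]@{
                Canary = $Name; Changed = $true; Found = $now
                OwnerProcess = $owner.ProcessName; OwnerPath = $owner.Path
            }
        }
    }
    [pscustomobject]@{
        Canary = $Name; Changed = $false; Found = $Value
        OwnerProcess = $null; OwnerPath = $null
    }
}

# Constructed test values, not real wallets.
$canaries = [ordered]@{
    'eth-format' = '0x' + ('1a2b3c4d' * 5)          # 0x + 40 hex characters
    'control'    = 'plain text, not wallet-shaped'
}
$canaries.GetEnumerator() |
    ForEach-Object { Test-ClipboardCanary -Name $_.Key -Value $_.Value } |
    Format-List
```

A change on the `eth-format` canary but not on `control` matches the behaviour described above, and `OwnerPath` gives a file to scan or submit to an antivirus vendor. If nothing changes here while the swap still happens inside one browser, that browser's extensions are the next place to look.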