Hello I write this topic to transmit you my information, the goal is to prevent a max of world and to be careful thereafter.
Yesterday I discovered that my new plots (about 4TO) were well detected by the Chia launcher but in the “Pool” tab the number of plots did not increase!
After several attempts (conf modification) I finally understood my problem!
When my Clipboard contains strictly only a “Pool Contract Address (64 chars)” my address is replaced by “xch1ndzzk3x285jk3xm4387v6eyfxfepgzyrt4hdu5ackpteyz9pgccq6lzgzl” (the hacker address).
After several searches I was able to remove the “Clipboard Hijacker” that was on my server and everything is back to normal.
For your information:
Clipboard Hijacker is a malware used by cybercriminals looking to make fraudulent cryptocurrency transactions. This can be achieved by simply changing cryptocurrency wallet addresses from those saved in a clipboard to others.
In my case I had several malicious processes.
msn.exe
msh.exe
What is worrying is that the “Clipboard Hijacker” was on my Windows Server dedicated only to Chia plots, that I do not use this server for anything else.
So I’m still trying to figure out how I got infected…
You can do a test to see if you are infected, copy your Pool Contract Address and when pasted if the address has changed, you are infected.