"Clipboard Hijackers" are coming to the Chia network

Hello, I am writing this topic to pass on my information; the goal is to warn as many people as possible so that they can be careful from now on.

Yesterday I discovered that my new plots (about 4 TB) were correctly detected by the Chia launcher, but in the “Pool” tab the number of plots did not increase!
After several attempts (config modifications) I finally understood my problem!
When my clipboard contains strictly only a “Pool Contract Address (64 chars)”, my address is replaced by “xch1ndzzk3x285jk3xm4387v6eyfxfepgzyrt4hdu5ackpteyz9pgccq6lzgzl” (the hacker's address).
After several searches I was able to remove the “Clipboard Hijacker” that was on my server and everything is back to normal.

For your information:
A Clipboard Hijacker is malware used by cybercriminals looking to make fraudulent cryptocurrency transactions. This can be achieved by simply changing the cryptocurrency wallet addresses saved in the clipboard to others.

In my case I had several malicious processes:
msn.exe
msh.exe

What is worrying is that the “Clipboard Hijacker” was on my Windows Server, which is dedicated only to Chia plots; I do not use this server for anything else.
So I’m still trying to figure out how I got infected…
You can do a test to see if you are infected: copy your Pool Contract Address and paste it; if the address has changed, you are infected.

7 Likes
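
The copy-and-paste test described in the post above, as an added example that is not part of the original post: it puts your own address on the clipboard, watches it for a few seconds, and reports any replacement. The function name `Test-ClipboardIntegrity`, the 10-second window and the 250 ms polling interval are assumptions chosen for illustration.

```powershell
# Added example (not from the original post): clipboard round-trip check.
# Uses Get-Clipboard / Set-Clipboard, available in Windows PowerShell 5.1 and PowerShell 7.
function Test-ClipboardIntegrity {
    param(
        [Parameter(Mandatory)] [string] $Address,  # your own Pool Contract Address
        [int] $Seconds    = 10,                    # watch window (assumed value)
        [int] $IntervalMs = 250                    # polling interval (assumed value)
    )

    $expected = $Address.Trim()
    $previous = Get-Clipboard -Raw                 # text content only, restored at the end
    Set-Clipboard -Value $expected

    $result = [pscustomobject]@{
        Tampered = $false
        Expected = $expected
        Observed = $expected
        AfterMs  = $null
    }

    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        # Poll instead of reading once: a hijacker may swap the value after a delay.
        while ($timer.Elapsed.TotalSeconds -lt $Seconds) {
            $now = Get-Clipboard -Raw
            if ($null -ne $now) { $now = $now.Trim() }
            # Ordinal, case-sensitive comparison: any difference counts as a change.
            if (-not [string]::Equals($now, $expected, [System.StringComparison]::Ordinal)) {
                $result.Tampered = $true
                $result.Observed = $now
                $result.AfterMs  = [int]$timer.Elapsed.TotalMilliseconds
                break
            }
            Start-Sleep -Milliseconds $IntervalMs
        }
    }
    finally {
        if ($null -ne $previous) { Set-Clipboard -Value $previous }
    }
    return $result
}

# Do not copy anything else while this runs, or it will be reported as a change.
# Test-ClipboardIntegrity -Address '<YOUR_POOL_CONTRACT_ADDRESS>'   # placeholder
```

A result with `Tampered = $false` only shows that this string was not altered during the watch window; comparing the address by eye at each step, as suggested further down the thread, still applies.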

I’ve seen similar posts on the interwebz, so I guess this is a real concern.
I’m running Linux and keep it patched, I hope that is enough to keep it safe…

Nothing is safe unfortunately. Even the most savvy of PC users fall victim. This is why in the security world they call it “When it happens” not “If it happens”.

2 Likes

But this is also why you check the address you're sending to at every step of the way. I triple check.

4 Likes