Fake “Google Notes” Extension Caught Swapping Crypto Wallet Addresses

https://hackread.com/wp-content/uploads/2026/07/fake-google-notes-browser-extension-swap-crypto-wallets-2-1024x576.jpg

McAfee researchers are warning cryptocurrency users worldwide about a malicious browser extension that hides behind the name “Google Notes” while changing wallet addresses during transactions. In cybersecurity terms, this is clipper malware, more specifically a crypto clipper delivered through a malicious browser extension.

Published on June 30, 2026, and shared with Hackread.com, the McAfee Advanced Threat Research report says the campaign uses unsigned installers to place a malicious extension inside Chromium-based browsers, including Google Chrome, Brave, and Microsoft Edge.

The extension presents itself as a simple note-taking tool, but its main purpose is to watch for copied cryptocurrency wallet addresses and replace them before the user pastes them into a payment field.

Thereafter, anyone sending crypto by copy and paste could miss the swap unless they check the address closely. Since most cryptocurrency transfers cannot be reversed, one successful swap can mean permanent loss.

Behind the fake notes app,...

Copyright of this story solely belongs to hackread.com. To see the full text click HERE

Read more