Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Fake ‘Google Notes’ browser extension caught swapping crypto wallet addresses

(Pierre Borthiry / Unsplash)

By WAQAS

McAfee researchers are warning cryptocurrency users worldwide about a malicious browser extension that hides behind the name “Google Notes” while changing wallet addresses during transactions. In cybersecurity terms, this is clipper malware, more specifically a crypto clipper delivered through a malicious browser extension.

Published on June 30, 2026, and shared with Hackread.com, the McAfee Advanced Threat Research report says the campaign uses unsigned installers to place a malicious extension inside Chromium-based browsers, including Google Chrome, Brave, and Microsoft Edge.

The extension presents itself as a simple note-taking tool, but its main purpose is to watch for copied cryptocurrency wallet addresses and replace them before the user pastes them into a payment field.

Read more at HackRead

Click to listen highlighted text!