A clipboard hijacker is malware that watches what a user copies and silently changes it before the paste occurs. The most common target is a cryptocurrency wallet address, because these strings are long, hard to verify quickly, and easy to mistype, so users copy and paste them instead of typing them. By the time the victim pastes, the copied value may already have been swapped for an attacker-controlled address.
This matters because the theft happens at the moment of payment, often without any visible warning from the browser or wallet app. Clipboard hijackers can arrive through phishing pages, malicious downloads, or trojanized tools, and they are often paired with social engineering that pushes the user to install software from an untrusted source. Defenders look for unusual process behavior, unexpected clipboard access, and pasted text that does not match what was copied. Users can reduce risk by verifying full wallet addresses character by character and using trusted software sources.
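An added example, not part of the original page: a Python check that a wallet UI or user-side tool could run to compare the copied address with what arrived at the paste target, character by character. The function names, the regex shape heuristics and the sample addresses are assumptions constructed for illustration.

```python
import re

# Shape heuristics only (assumption): they recognise strings that look like
# addresses; they do not validate checksums.
ADDRESS_SHAPES = {
    "btc-base58": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}", re.IGNORECASE),
    "eth-hex": re.compile(r"0x[0-9a-fA-F]{40}"),
}


def address_shape(text):
    """Return the name of the address shape `text` matches, or None."""
    for name, pattern in ADDRESS_SHAPES.items():
        if pattern.fullmatch(text):
            return name
    return None


def check_paste(copied, pasted, ends=4):
    """Compare what was copied with what arrived at the paste target."""
    copied, pasted = copied.strip(), pasted.strip()
    shape_c, shape_p = address_shape(copied), address_shape(pasted)
    # Hex and bech32 forms are case-insensitive; Base58 is not.
    if shape_c in ("eth-hex", "btc-bech32") and shape_c == shape_p:
        copied, pasted = copied.lower(), pasted.lower()
    first_diff = next(
        (i for i, (a, b) in enumerate(zip(copied, pasted)) if a != b),
        None if len(copied) == len(pasted) else min(len(copied), len(pasted)),
    )
    if first_diff is None:
        verdict = "match"
    elif shape_c and shape_p:
        verdict = "address-substituted"  # one address replaced by another
    else:
        verdict = "changed"
    return {
        "verdict": verdict,
        "first_diff": first_diff,
        # True when a glance at only the first/last `ends` characters passes
        "ends_only_check_passes": copied[:ends] == pasted[:ends]
        and copied[-ends:] == pasted[-ends:],
    }


# Constructed sample values (not real wallets).
COPIED = "0x" + "ab12" + "0" * 32 + "cd34"
SWAPPED = "0x" + "ab12" + "f" * 32 + "cd34"
```

For the constructed pair, `check_paste(COPIED, SWAPPED)` reports a substituted address at index 6 even though a glance at only the first and last four characters would pass, which is why the full comparison is the one to rely on.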



