In April 2018, the 360 ​​Internet Security Center first monitored a class of encrypted digital currency Trojans on the PC platform. The Trojan constantly monitors the user’s clipboard content, determines whether it is an encrypted digital currency address such as Bitcoin, Ethereum, etc., and then changes the target address to its own address when the user trades, quietly implementing the theft, we named it “cut and paste” Board ghost.”

http://blogs.360.cn/post/analysis_of_Clipper.html