This nasty Google Chrome extension is after your crypto and your passwords

A particularly nasty crypto-stealing malware has gotten a facelift to make it even more dangerous, researchers have claimed. Cybersecurit...

A particularly nasty crypto-stealing malware has gotten a facelift to make it even more dangerous, researchers have claimed.

Cybersecurity experts from Avast have warned the ViperSoftX Windows malware, a JavaScript-based RAT that’s been around for more than two years, has been upgraded to also install a Chrome browser add-on.

Usually, ViperSoftX would monitor the clipboard contents of the infected endpoint, and if it spots the victim copying and pasting a cryptocurrency wallet address, it would replace the one from the clipboard, with the one belonging to the attackers. That way, when the victim sends their funds, they end up at the hands of the attackers.

Fake Google Sheets add-on

Cryptocurrency addresses are a long line of seemingly random characters, which makes this type of hijacking relatively successful. The add-on does basically the same thing, but somewhat more efficiently. It’s named Google Sheets 2.1, to remove any suspicion of its good intentions for the victims. 

"VenomSoftX mainly does this (steals crypto) by hooking API requests on a few very popular crypto exchanges victims visits/have an account with," the researchers said. "When a certain API is called, for example, to send money, VenomSoftX tampers with the request before it is sent to redirect the money to the attacker instead."

Avast says the trojan targets multiple major crypto players, such as Coinbase, Binance, Kucoin, Gate.io, and Blockchain.com. However, it doesn’t stop there - it also keeps an eye on the clipboard for any other wallets being pasted. 

There are two frightening details about VenomSoftX, one that the extension can modify HTML on websites, to display the victim’s cryptocurrency wallet address. In other words, even a visual inspection of the address, after pasting, won’t help. What’s more, the malware will intercept all API requests to the services, and set the transaction amount to the maximum. That way, even if the victim first goes with a test transaction (a small transaction of, say, $10), they will still lose all of their funds. 

And finally, for Blockchain, it will try to steal the password, if the victim enters it on the site.

So far, the researchers are saying, the attackers managed to steal some $130,000 worth of various cryptos. We don’t know how many people were infected, but we do know that most victims are located in the US, Italy, Brazil, and India. 

There is no such thing as Google Sheets 2.1, so in case you see this add-on installed, make sure to remove it immediately.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/NIYUs3j
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,183,Video,5,XIAOMI,13,YouTube - 9to5Google,182,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: This nasty Google Chrome extension is after your crypto and your passwords
This nasty Google Chrome extension is after your crypto and your passwords
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2022/11/this-nasty-google-chrome-extension-is.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2022/11/this-nasty-google-chrome-extension-is.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy