Once again, hackers are improving their ability to empty digital wallets. This time, they built a malicious extension for Chromium-based browsers (such as Google Chrome, Opera, Brave, Yandex, and Microsoft Edge). Silently operating in the background, this stealer can take cryptocurrency directly from wallets and also capture the passwords of popular crypto exchanges.

Dubbed “VenomSoftX” by the cybersecurity brand Avast, the extension is derived from the information stealer ViperSoftX, which has been around since 2020. VenomSoftX has new and combined capabilities, though. It can act as a Remote Access Trojan (RAT), while also having clipper and API tampering features. As Avast explained:

“The malicious extension provides full access to every page the victim visits, carries out man-in-the-browser attacks to perform cryptocurrency addresses swapping by tampering with API requests’ data on popular cryptocurrency exchanges, steals credentials and clipboard content, tampers with crypto addresses on visited websites, reports events using MQTT to the C&C server, and more.”

This way, when the victim visits custodial crypto exchanges like Κάθισμα, Coinbase, Gate.io, or KuCoin, their credentials are not the only thing that can be snatched away. By tampering with API requests and hijacking the clipboard (as clipper malware does), the extension can replace legitimate cryptocurrency addresses with others owned by the hackers.

The extension disguises itself as “Google Sheets 2.1”. Image by Avast

So, instead of copying and pasting the intended address to send funds, the victim may end up using the hacker’s address, so the funds go to the attacker. The worst part is that this may be noticed only when it’s too late, in the transaction history. That’s why prevention is the best path to follow.

VenomSoftX is being distributed through unofficial copies of software like Adobe Illustrator, Corel Video Studio, Microsoft Office, games, and more. Usually, numerous torrents come infected with it. The victim gets what they wanted, but also the malware.

How to avoid cryptocurrency stealing

Crypto-stealing malware comes in many forms and campaigns worldwide. It can affect anyone, so it’s important to take some preventive measures. For clippers, always double-check pasted crypto addresses. But there are more things we can do to avoid all kinds of malware.

  • Keep the OS, antivirus, and firmware of all your smart devices updated.
  • Do not open links or attachments from dubious emails.
  • Download files and software only from the official websites.
  • Make backups of all your important information and files on external devices, preferably offline.
  • Avoid phishing sites and apps by checking previous reviews and the URL, which is always different from the original.
  • Pay attention to the news from your favorite websites and services: they should notify their customers if they’re under cyberattack.
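
As an added example (not code from Avast or from this article), the Python sketch below audits browser extension manifests for the traits described above: the “Google Sheets 2.1” disguise, access to every page the user visits, and clipboard access. The sample manifests are constructed, and the extensions directory passed to `audit_tree` is an assumption that depends on your browser and OS.

```python
import json
from pathlib import Path

DISGUISE_NAME = "Google Sheets 2.1"  # disguise name reported in the article
# Standard Chromium match patterns that cover every website.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests (not taken from real extensions).
SAMPLE_SUSPECT = {"manifest_version": 3, "name": "Google Sheets 2.1",
                  "permissions": ["clipboardRead", "storage"],
                  "host_permissions": ["<all_urls>"],
                  "content_scripts": [{"matches": ["https://*/*"], "js": ["c.js"]}]}
SAMPLE_BENIGN = {"manifest_version": 3, "name": "Example Notes",
                 "permissions": ["storage"],
                 "host_permissions": ["https://notes.example/*"]}

def host_access(manifest):
    """Collect every URL match pattern the manifest requests."""
    patterns = set(manifest.get("host_permissions", []))  # Manifest V3
    for perm in manifest.get("permissions", []):  # Manifest V2 lists hosts here
        if isinstance(perm, str) and ("://" in perm or perm == "<all_urls>"):
            patterns.add(perm)
    for script in manifest.get("content_scripts", []):
        patterns |= set(script.get("matches", []))
    return patterns

def audit_manifest(manifest):
    """Return a list of review findings for one parsed manifest."""
    findings = []
    if str(manifest.get("name", "")).strip().lower() == DISGUISE_NAME.lower():
        findings.append("name matches the disguise reported in the article")
    broad = sorted(host_access(manifest) & BROAD_PATTERNS)
    if broad:
        findings.append("access to all sites: " + ", ".join(broad))
    if "clipboardRead" in manifest.get("permissions", []):
        findings.append("can read the clipboard")
    return findings

def audit_tree(root):
    """Audit every manifest.json found under an extensions directory."""
    report = {}
    for path in Path(root).rglob("manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        findings = audit_manifest(manifest) if isinstance(manifest, dict) else []
        if findings:
            report[str(path)] = findings
    return report
```

Many legitimate extensions also request access to all sites, so treat each finding as a prompt to check whether you installed that extension yourself, not as proof of infection.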


Author

I have been a literature professional in the crypto world since 2016. It doesn't sound very compatible, but since then I have been learning and teaching about blockchain and cryptos for international portals. After hundreds of articles and varied content on the subject, you can now find me here at Alfacash, for more decentralization.
