Once again, hackers are improving their abilities to empty digital wallets. This time, they built a malicious extension for Chromium-based browsers (such as Google Chrome, Opera, Brave, Yandex, and Microsoft Edge). Operating silently in the background, this stealer can take cryptocurrency directly from wallets and also capture the passwords of popular crypto exchanges.

Dubbed “VenomSoftX” by the cybersecurity company Avast, the extension is derived from the information stealer ViperSoftX, which has been around since 2020. VenomSoftX has new and combined capabilities, though: it can act as a Remote Access Trojan (RAT) while also having clipper and API-tampering features. As Avast explained:

“The malicious extension provides full access to every page the victim visits, carries out man-in-the-browser attacks to perform cryptocurrency addresses swapping by tampering with API requests’ data on popular cryptocurrency exchanges, steals credentials and clipboard content, tampers with crypto addresses on visited websites, reports events using MQTT to the C&C server, and more.”

This way, when the victim visits custodial crypto exchanges like Binance, Coinbase, Gate.io, or KuCoin, not only can their credentials be snatched away. By tampering with API requests and hijacking the clipboard (as malware clippers do), the extension can replace legitimate cryptocurrency addresses with others owned by the hackers.

The extension disguises itself as “Google Sheets 2.1”. Image by Avast

So, instead of pasting the intended address to send funds, the victim may end up using the hacker’s address, which is how the cryptocurrency gets stolen. The worst part is that this may only be noticed when it is too late, in the transaction history. That is why prevention is the best path to follow.

VenomSoftX is being distributed through unofficial copies of software like Adobe Illustrator, Corel Video Studio, Microsoft Office, games, and more. Many torrents come bundled with it: the victim gets what they wanted, but also the malware.

How to avoid cryptocurrency stealing

Crypto-stealing malware comes in numerous forms and campaigns worldwide. It can affect anyone, so it is important to take some preventive measures. Against clippers, always double-check the pasted crypto address before sending. But there are more things we can do to avoid all kinds of malware.
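The clipper behaviour described above (the copied address is silently replaced before it is pasted) can be checked on the host side. The following is an added example, not code from the article or from Avast: it assumes a hypothetical agent that records what the user copied (`user` events) and later samples the clipboard (`poll` events), and it raises an alert when an address has been replaced by a different one of the same family. The address patterns are coarse constructed regexes, not full address validators.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Coarse, constructed patterns for two common address families (illustration only).
ADDRESS_PATTERNS = {
    "BTC": re.compile(r"^(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text: str) -> Optional[str]:
    """Return the address family a string looks like, or None if it is not an address."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return kind
    return None
@dataclass
class ClipboardEvent:
    source: str   # "user": the user just copied this; "poll": clipboard sampled later
    content: str

class ClipboardGuard:
    """Flag the clipper pattern: a different address of the same family as the one the
    user copied now sits in the clipboard, with no user copy in between."""
    def __init__(self) -> None:
        self.last_user_copy: Optional[str] = None
    def observe(self, event: ClipboardEvent) -> Optional[str]:
        current = event.content.strip()
        if event.source == "user":
            self.last_user_copy = current       # remember what the user intended to paste
            return None
        expected = self.last_user_copy
        if expected is None or current == expected:
            return None                         # unchanged, or nothing to compare against
        kind = address_kind(expected)
        if kind is not None and address_kind(current) == kind:
            return f"possible clipper: {kind} address {expected} replaced by {current}"
        return None                             # changed, but not an address-for-address swap

def scan(events: List[ClipboardEvent]) -> List[str]:
    guard = ClipboardGuard()
    return [a for a in map(guard.observe, events) if a is not None]
# Constructed sample sequence: an ETH address silently swapped, then a BTC address left alone.
SAMPLE_EVENTS = [
    ClipboardEvent("user", "0x1234567890abcdef1234567890abcdef12345678"),
    ClipboardEvent("poll", "0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"),
    ClipboardEvent("user", "bc1qconstructedexample0000000000"),
    ClipboardEvent("poll", "bc1qconstructedexample0000000000"),
]
```

Running `scan(SAMPLE_EVENTS)` yields a single alert for the ETH swap; the untouched BTC address and any non-address clipboard text produce none.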

  • Keep updated on the OS, antivirus, and firmware of all your smart devices.
  • Don’t open links or attachments from suspicious emails.
  • Download files and software only from the official websites.
  • Make backups of all your important information and files on external devices, preferably offline.
  • Avoid phishing sites and apps by checking previous reviews and the URL, which always differs from the original one.
  • Pay attention to the news from your favorite websites and services: they should notify their customers if they’re under cyberattack.

Featured Vector by vectorjuice / Freepik


Wanna trade BTC, ETH, and other tokens? You can do it hassle-free on Alfacash! And don’t forget we’re talking about this and many other things on our social media.

Telegram * Facebook * Instagram * Youtube * Twitter

Author

I have been a writing professional in the crypto world since 2016. It doesn’t seem very compatible, but since then I have been learning and teaching about blockchain and cryptocurrencies for international portals. After hundreds of articles and varied content on the subject, you can now find me here on Alfacash, working toward more decentralization.
