Once again, hackers are improving their abilities to empty digital wallets. This time, they built a malicious extension for Chromium-based browsers (such as Google Chrome, Opera, Brave, Yandex, and Microsoft Edge). Operating silently in the background, this stealer can take cryptocurrency directly from wallets, along with the passwords for popular crypto exchanges.

Dubbed “VenomSoftX” by the cybersecurity brand Avast, the extension is derived from the information stealer ViperSoftX, which has been around since 2020. VenomSoftX has new and combined capabilities, though. It can act as a Remote Access Trojan (RAT), while also having clipper and API tampering features. As Avast explained:

“The malicious extension provides full access to every page the victim visits, carries out man-in-the-browser attacks to perform cryptocurrency addresses swapping by tampering with API requests’ data on popular cryptocurrency exchanges, steals credentials and clipboard content, tampers with crypto addresses on visited websites, reports events using MQTT to the C&C server, and more.”

This way, when the victim visits custodial crypto exchanges like Binance, Coinbase, Gate.io, or KuCoin, their credentials are not the only thing that can be snatched away. By tampering with APIs and hijacking the clipboard (as clipper malware does), the extension can replace legitimate cryptocurrency addresses with others owned by the hackers.

The extension disguises itself as “Google Sheets 2.1”. Image by Avast

So, instead of copying and pasting the intended address to send funds, the victim may end up using the hacker’s address, and the cryptocurrency is stolen. The worst part is that this may be noticed only when it’s too late, in the transaction history. That’s why prevention is the best path to follow.

VenomSoftX is being distributed through non-official copies of software like Adobe Illustrator, Corel Video Studio, Microsoft Office, games, and more. Usually, numerous torrents come infected with it. The victim gets what they wanted, but also the malware.

How to avoid cryptocurrency stealing

Crypto-stealing malware comes in many forms and campaigns worldwide. It can affect anyone, so it’s important to take some preventive measures. Against clippers, always double-check the pasted crypto addresses. But there are more things we can do to avoid all kinds of malware.

  • Keep the OS, antivirus, and firmware of all your smart devices updated.
  • Don’t open links or attachments in suspicious emails.
  • Download files and software only from the official websites.
  • Make backups of all your important information and files on external devices, preferably offline.
  • Avoid phishing sites and apps by looking at previous reviews and the URL, which is always different from the original.
  • Pay attention to the news from your favorite websites and services: they should notify their customers if they’re under cyberattack.
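
Since the extension described above poses as “Google Sheets 2.1” and has access to every visited page, another preventive check is to review the manifests of installed extensions. The script below is an added example, not code from Avast or from the original article. Its heuristics, the function names and the two sample manifests are assumptions made for illustration.

```python
import json
from pathlib import Path

# Heuristics below are assumptions of this example, not Avast's published indicators.
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
BRAND_WORDS = ("google", "chrome")  # vendor names an impostor may borrow

# Constructed manifests: only the display name is taken from the article.
SAMPLE_IMPOSTOR = {"name": "Google Sheets 2.1", "permissions": ["<all_urls>"]}
SAMPLE_STORE = {"name": "Example Notes", "update_url": WEB_STORE_UPDATE_URL,
                "host_permissions": ["https://notes.example/*"]}


def host_patterns(manifest):
    """Collect every host pattern the extension may read or script."""
    patterns = set()
    for key in ("permissions", "host_permissions"):
        patterns.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        patterns.update(script.get("matches", []))
    return patterns


def assess_manifest(manifest):
    """Return the reasons an installed extension's manifest deserves review."""
    reasons = []
    name = str(manifest.get("name", ""))
    # Other stores (e.g. Edge Add-ons) use a different update_url and are flagged too.
    sideloaded = manifest.get("update_url") != WEB_STORE_UPDATE_URL
    if sideloaded:
        reasons.append("not installed from the Chrome Web Store")
    if host_patterns(manifest) & BROAD_HOSTS:
        reasons.append("can access every visited page")
    if sideloaded and any(word in name.lower() for word in BRAND_WORDS):
        reasons.append("side-loaded under a vendor-like name")
    return reasons


def scan_extensions(extensions_dir):
    """Map each manifest.json below extensions_dir to its review reasons."""
    findings = {}
    for path in Path(extensions_dir).rglob("manifest.json"):
        try:
            reasons = assess_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError, AttributeError):
            reasons = ["unreadable manifest"]
        if reasons:
            findings[str(path)] = reasons
    return findings
```

Call `scan_extensions()` on a browser profile’s Extensions folder or on any other directory that holds unpacked extensions. A finding is a prompt to inspect the extension manually, not proof of infection.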

Featured Vector by vectorjuice / Freepik



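Author

I have been working as a literature professional in the crypto industry since 2016. It may not sound like a good match, but since then I have been learning and teaching about blockchain and cryptocurrencies on international portals. After writing hundreds of articles and a variety of content on the subject, you can now find me at Alfacash, working toward better decentralization.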
