Once again, hackers are improving their abilities to empty digital wallets. This time, they built a malicious extension for Chromium-based browsers (such as Google Chrome, Opera, Brave, Yandex, and Microsoft Edge). Silently operating in the background, this stealing malware can directly take cryptocurrency from wallets and also the passwords of popular crypto exchanges.

Dubbed “VenomSoftX” by the cybersecurity brand Avast, the extension is derived from the information stealer ViperSoftX —around since 2020. VenomSoftX has new and combined capabilities, though. It can act as a Remote Access Trojan (RAT), while also having clipper and API tampering features. As they explained:

“The malicious extension provides full access to every page the victim visits, carries out man-in-the-browser attacks to perform cryptocurrency addresses swapping by tampering with API requests’ data on popular cryptocurrency exchanges, steals credentials and clipboard content, tampers with crypto addresses on visited websites, reports events using MQTT to the C&C server, and more.”

This way, when the victim visits custodial crypto exchanges like Binance, Coinbase, Gate.io, or KuCoin, not only their credentials can be snatched away. By tampering with APIs and kidnapping the clipboard (like malware clippers do), the extension is capable to change legit cryptocurrency addresses for others owned by the hackers.

Malicious-extension-cryptocurrency-stealing
The extension disguises itself as “Google Sheets 2.1”. Image by Avast

So, instead of copying/pasting the intended address to send funds, the victim may end up using the hacker’s address —allowing the cryptocurrency stealing. The worst part is this could be noticed only when it’s too late, in the transaction history. That’s why prevention is the best path to follow.

VenomSoftX is being distributed through non-official copies of software like Adobe Illustrator, Corel Video Studio, Microsoft Office, games, and more. Usually, numerous torrents come infected with it. The victim gets what they wanted, but also the malware.

How to avoid cryptocurrency stealing

The crypto-stealing malware comes in numerous presentations and campaigns worldwide. It can affect anyone, thus, it’s important to take some preventive measures. For clippers, it’s always necessary to check twice the pasted crypto addresses. But there are more things we can do to avoid all kinds of malware.

exploit-bug-crypto-defi
  • Keep updated on the OS, antivirus, and firmware of all your smart devices.
  • Nie otwieraj linków ani załączonych plików z podejrzanych e-maili.
  • Download files and software only from the official websites.
  • Make backups of all your important information and files on external devices, preferably offline.
  • Avoid phishing sites and apps by looking at previous reviews and the URL, which is always different from the original.
  • Pay attention to the news of your favorite websites and services: they should announce their customers if they’re under cyberattack.

Featured Vector by vectorjuice / Freepik


Wanna trade BTC, ETH, and other tokens? You can do it bezpiecznie na Alfacash! And don’t forget we’re talking about this and many other things on our social media.

Telegram * Facebook * Instagram * Youtube *Świergot

Autor

I'm a literature professional in the crypto world since 2016. It doesn't sound very compatible, but I've been learning and teaching about blockchain and cryptos for international portals since then. After hundreds of articles and diverse content about the topic, now you can find me here on Alfacash, working for more decentralization.

pl_PLPolski