This fake Google Chrome extension steals your passwords and cryptocurrencies

In a report published on November 21, security researchers at Avast point to a new version of a Chrome extension that is particularly good at stealing your passwords and cryptocurrencies.

Named “VenomSoftX”, the Chrome extension in question is deployed by Windows malware that has been active since 2020: “ViperSoftX”. The latter acts as a remote-access Trojan horse to steal the cryptocurrencies and passwords of its victims.

93,000 infection attempts in 2022

This significant figure is only the tip of the iceberg, since the 93,000 infection attempts cover only Avast customers around the world. According to the map shared by the antivirus vendor, the most affected countries are the United States, Brazil, Italy and India. However, the UK, Canada, Australia, Pakistan and France are not far behind.

Map of ViperSoftX malware victims in 2022 – © Avast

According to Avast, ViperSoftX and VenomSoftX had brought in $130,000 for the hackers as of November 8, 2022, solely by diverting cryptocurrency transactions on compromised devices.


The executable is installed on Windows machines via torrent files containing game cracks and pirated software activators. The file in question contains a line of code that activates the payload: ViperSoftX.

Google Chrome infected

In addition, the new version of the malware can install a fake “Google Sheets 2.1” extension, which obviously has nothing to do with the official office suite.

The malicious extension is an additional way for hackers to steal cryptocurrency by intercepting API requests and copying crypto wallet addresses from the clipboard. Very popular crypto exchanges are targeted, such as Binance, Coinbase, Gate.io and Kucoin.

The extension can also modify the HTML of the website to display the victim’s cryptocurrency wallet address while manipulating things in the background. The software then sets the transaction amount to the maximum available to siphon off all of its victim’s funds.

Note that Google Sheets is normally installed on Chrome as an app (in “chrome://apps/”) and not as an extension. If you see a Google Sheets extension in your browser, we advise you to uninstall it and then clear your browser data to ensure that the malicious extension is removed.
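The check described above can be automated. The following is an added example, not code from the article or from Avast's report: it walks a folder you choose, reads every Chrome `manifest.json`, and reports items named like Google Sheets that are extensions rather than apps (Chrome apps declare an `app` section in their manifest). The function names and the name-matching heuristic are assumptions made for this illustration, and the folder to scan is supplied by you.

```python
import json
import sys
from pathlib import Path


def load_json(path: Path):
    # utf-8-sig tolerates the byte-order mark some manifests start with
    return json.loads(path.read_text(encoding="utf-8-sig"))


def display_name(manifest: dict, ext_dir: Path) -> str:
    """Extension name, resolving Chrome's __MSG_key__ localisation placeholders."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[len("__MSG_"):-2].lower()
    locale = str(manifest.get("default_locale", "en"))
    try:
        messages = load_json(ext_dir / "_locales" / locale / "messages.json")
        for msg_key, entry in messages.items():  # message keys are case-insensitive
            if msg_key.lower() == key:
                return str(entry["message"])
    except (OSError, ValueError, AttributeError, KeyError, TypeError):
        pass
    return name  # unresolved placeholder: report it as-is


def find_sheets_extensions(root: Path) -> list:
    """(name, version, folder) of every extension under root named like Google Sheets."""
    hits = []
    for manifest_path in root.rglob("manifest.json"):
        try:
            manifest = load_json(manifest_path)
            name = display_name(manifest, manifest_path.parent)
            is_app = "app" in manifest  # Chrome apps declare an "app" section
        except (OSError, ValueError, AttributeError, TypeError):
            continue  # unreadable file, or not a Chrome manifest
        # Heuristic (assumption): match on the displayed name only
        if "google sheets" in name.lower() and not is_app:
            hits.append((name, str(manifest.get("version", "")), str(manifest_path.parent)))
    return sorted(hits)


if __name__ == "__main__":
    # Folder to scan, e.g. a Chrome profile folder; defaults to the current folder
    scan_root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.cwd()
    for name, version, folder in find_sheets_extensions(scan_root):
        print(f"REVIEW: extension '{name}' {version} in {folder}")
```

A hit is a prompt to inspect the listed folder and the browser's extension page, not proof of infection.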

Source: Avast
