Thursday, December 1, 2022

This fake Google Chrome extension steals your passwords and cryptocurrencies

In a report published on November 21, security researchers at Avast point to a new version of a Chrome extension that is particularly good at stealing your passwords and cryptocurrencies.

Dubbed “VenomSoftX”, the Chrome extension in question is installed by “ViperSoftX”, Windows malware that has been rampant since 2020. ViperSoftX acts as a remote access Trojan that steals its victims’ cryptocurrencies and passwords.

93,000 infection attempts in 2022

This significant figure is only the tip of the iceberg, as the 93,000 infection attempts cover only Avast customers worldwide. According to the map shared by the antivirus software publisher, the most affected countries are the United States, Brazil, Italy and India. However, the UK, Canada, Australia, Pakistan and France are not far behind.

Map of ViperSoftX malware victims in 2022 – © Avast

According to Avast, as of November 8, 2022, ViperSoftX and VenomSoftX had brought hackers the tidy sum of $130,000 just by redirecting cryptocurrency transactions on compromised devices.


The malicious executable reaches Windows machines through torrent files containing game cracks and pirated software activators. That executable contains a line of code that activates the payload: ViperSoftX.

Google Chrome is infected

In addition, the new version of the malware installs a fake “Google Sheets 2.1” extension, which has nothing to do with the official office suite.

The malicious extension is an additional way for hackers to steal cryptocurrency by intercepting API requests and copying cryptocurrency wallet addresses from the clipboard. Very popular crypto exchanges are targeted, such as Binance, Coinbase, and KuCoin.

The extension can also alter the website’s HTML so that it still displays the victim’s own cryptocurrency wallet address while the transaction is manipulated in the background. The software then sets the transaction amount to the maximum available in order to drain all of the victim’s funds.

Note that Google Sheets is usually installed on Chrome as an app (in “chrome://apps/”) and not as an extension. If you see a Google Sheets extension in your browser, we advise you to uninstall it and then clear your browser data to ensure that the malicious extension is removed.
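The check above can be scripted across many machines. The following Python sketch is an added example, not code from Avast or from this article: it walks a folder of Chrome extensions, resolves localized names, skips Chrome apps (manifests that declare an "app" key) and reports any extension named like Google Sheets. The name-only match, the function names and the sample tree are assumptions made for illustration.

```python
import json
import sys
from pathlib import Path

SUSPECT_NAME = "google sheets"  # assumption: match on the display name only

def load_json(path: Path) -> dict:
    """Parse a JSON object file (BOM tolerated); {} if unreadable or malformed."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def resolve_name(manifest: dict, ext_dir: Path) -> str:
    """Display name, resolving Chrome's __MSG_key__ localization placeholder."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = str(manifest.get("default_locale", "en"))
        messages = load_json(ext_dir / "_locales" / locale / "messages.json")
        for key, entry in messages.items():  # message keys are case-insensitive
            if key.lower() == name[6:-2].lower() and isinstance(entry, dict):
                return str(entry.get("message", name))
    return name

def find_suspect_extensions(root: Path) -> list:
    """Flag extensions (manifests without an "app" key) named like Google Sheets."""
    hits = []
    for path in sorted(root.rglob("manifest.json")):
        manifest = load_json(path)
        if not manifest or "app" in manifest:
            continue  # Chrome apps declare "app"; that form is the expected one
        name = resolve_name(manifest, path.parent)
        if SUSPECT_NAME in name.lower():
            hits.append({"path": str(path.parent), "name": name, "version": str(manifest.get("version", ""))})
    return hits

def build_constructed_profile(root: Path) -> None:
    """Constructed sample tree: a hosted app, a localized fake, a benign extension."""
    samples = {
        "aaaa/1.0_0": {"name": "Google Sheets", "version": "1.0", "app": {"launch": {"web_url": "https://example.invalid/"}}},
        "bbbb/2.1_0": {"name": "__MSG_extName__", "version": "2.1", "default_locale": "en"},
        "cccc/3.4_0": {"name": "Constructed Ad Blocker", "version": "3.4"}}
    for rel, manifest in samples.items():
        (root / rel / "_locales" / "en").mkdir(parents=True)
        (root / rel / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    (root / "bbbb/2.1_0/_locales/en/messages.json").write_text(json.dumps({"extName": {"message": "Google Sheets"}}))

if __name__ == "__main__" and len(sys.argv) > 1:
    print(find_suspect_extensions(Path(sys.argv[1])))
```

Pass it the `Extensions` folder of a Chrome profile as the only argument. Unpacked extensions stay in whatever folder they were loaded from, so those folders have to be scanned separately.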




