Chrome Extension Steals Passwords and Cryptocurrencies

Courtesy of Robert Scoble (Flickr CC0)

Chrome Danger

Researchers say that a dangerous cryptocurrency-stealing malware has gotten updates to make it even more dangerous. Avast cybersecurity experts have warned that the Windows malware ViperSoftX has evolved into a malicious Google Chrome extension.

For the most part, ViperSoftX watched what the infected computer copied to its clipboard. If a cryptocurrency wallet address was copied, the malware replaced it with a wallet address belonging to the hackers. When this occurs, the infected computer will unintentionally send funds to the hackers.

Courtesy of David Martyn Hunt (Flickr CC0)

Examine Before You Install

Cryptocurrency addresses are long strings of what look like random characters, so a swapped address is hard to spot, which is why this attack succeeds for the most part. The extension does the exact same thing, but a little better.

The name of the malware-infested extension is “Google Sheets 2.1.” This is a dangerous extension; anyone who has it installed should delete it.
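One way to check a machine for an extension with that display name, as an added example that is not part of the original article: the Python script below walks a directory tree (for instance a Chrome profile's Extensions folder) for `manifest.json` files and reports any whose name matches "Google Sheets 2.1", along with the permissions it requests. How the name and version are split inside the manifest is an assumption, so both forms are checked; the function names are this example's own.

```python
import json
import sys
from pathlib import Path

# Display name reported in the article; the name/version split is an assumption.
SUSPECT_LABEL = "google sheets 2.1"


def resolve_name(manifest: dict, ext_dir: Path) -> str:
    """Return the display name, resolving a localized __MSG_key__ placeholder."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()  # Chrome matches message keys case-insensitively
        locale = manifest.get("default_locale", "en")
        try:
            messages = json.loads((ext_dir / "_locales" / locale / "messages.json")
                                  .read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            return name
        for k, v in messages.items():
            if k.lower() == key and isinstance(v, dict):
                return str(v.get("message", name))
    return name


def scan(root: Path) -> list[dict]:
    """Walk root for manifest.json files and report those matching the suspect label."""
    hits = []
    for path in sorted(root.rglob("manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or not valid JSON: skip it
        if not isinstance(manifest, dict):
            continue
        name = resolve_name(manifest, path.parent)
        version = str(manifest.get("version", ""))
        # Accept "Google Sheets 2.1" as the full name, or as name plus version.
        labels = {name.strip().lower(), f"{name} {version}".strip().lower()}
        if SUSPECT_LABEL in labels:
            hits.append({"dir": str(path.parent), "name": name, "version": version,
                         "permissions": manifest.get("permissions", [])})
    return hits


if __name__ == "__main__":
    # Usage: python scan_extensions.py <directory to scan> [<directory> ...]
    for root in sys.argv[1:]:
        for hit in scan(Path(root)):
            print(f'{hit["name"]} {hit["version"]} at {hit["dir"]} permissions={hit["permissions"]}')
```

A match on the display name alone is only a lead: the legitimate Google Sheets is a web app, so any locally installed extension using this label deserves a closer look at its requested permissions and scripts before removal.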

“VenomSoftX steals cryptocurrency by hooking API requests on some popular cryptocurrency exchanges that victims visit or have an account with,” researchers explained.

Avast says that the attack is used against large crypto companies, like Coinbase, Kucoin, Binance, Gate.io, and Blockchain.com. Beyond those companies, the attack also keeps a lookout for wallet addresses copied onto the clipboard.

Even if the victim double-checks the wallet address, it won’t matter, because the extension modifies the page’s HTML so that the victim’s wallet address is displayed. Basically, behind the scenes, the hacker’s wallet address gets disguised as the victim’s wallet address.

So far, research has concluded that the attack has been able to steal $130,000 in different types of cryptocurrencies. The number of people affected by the hack is unknown, but the people hacked were mainly located in India, Brazil, the U.S., and Italy.

Written By Lance Santoyo

Sources:

Tech Radar: This nasty Google Chrome extension is after your crypto and your passwords

Bleeping Computer: Google Chrome extension used to steal cryptocurrency, passwords

GB Hackers: Chrome Extension Deploy Windows Malware to Steal Cryptocurrency and Clipboard Contents

Top and Featured Image Courtesy of Robert Scoble Flickr Page – Creative Commons License

Inset Image Courtesy of David Martyn Hunt Flickr Page – Creative Commons License