Windows malware masquerades as a Google Chrome browser extension and steals information and cryptocurrencies, according to Avast.
According to the researchers, it is an iteration of the well-known 2020 malware ViperSoftX. They gave the program, which operates as a RAT, its own name: VenomSoftX.
The malware spreads through torrents of pirated software such as Adobe Illustrator, Corel Video Studio, Microsoft Office, etc. It masquerades as a normal line of code in the log file of the cracked software package.
The malicious extension provides full access to all pages visited by the victim, carries out man-in-the-browser attacks that substitute cryptocurrency addresses by tampering with API request data on popular exchanges, steals credentials and clipboard contents, and performs many other operations, the experts explained.
Among the most affected countries they named the United States, India, Italy and Brazil.
Experts calculated that as of November 8, the wallets embedded in ViperSoftX and VenomSoftX totalled $130,421.
The platforms targeted by the trojan include Blockchain.com, Binance, Coinbase, Gate.io and Kucoin. The extension also adds wallet addresses from the victim’s clipboard.
The malware also attempts to steal passwords entered by users on Blockchain.com, the experts added.
As reported, in the third quarter of 2022 the cumulative losses of the Web3 ecosystem from hacks and fraud amounted to $428.7 million, according to Immunefi.
