Very bad crypto-theft malware
Researchers say a facelift has made it even more risky.
Avast cybersecurity experts have warned that ViperSoftX, a JavaScript-based RAT for Windows that has been around for more than two years, has been upgraded to also install a Chrome browser add-on.
Normally, ViperSoftX monitors the contents of the clipboard on the infected endpoint. If it detects the victim copying and pasting a cryptocurrency wallet address, it replaces the address on the clipboard with one that belongs to the attackers. This way, when the victim sends their money, it ends up in the hands of the attackers.
Fake Google Sheets add-on
Cryptocurrency addresses are long strings of seemingly random characters, which makes this type of hijacking relatively successful. The add-on basically does the same thing, but is somewhat more efficient. It is dubbed Google Sheets 2.1, a name meant to keep victims from becoming suspicious.
“VenomSoftX basically does this (cryptocurrency theft) by connecting API requests on very few cryptocurrency exchanges that victims visit/have an account with,” the researchers said. “When a specific API is called, for example, to send money, VenomSoftX manipulates the request before it is sent to forward the money to the attacker instead.”
Avast says the Trojan targets several major crypto players, such as Coinbase, Binance, Kucoin, Gate.io, and Blockchain.com. However, it doesn't stop there: it also monitors the clipboard for any other wallet addresses that are pasted.
There are two scary details about VenomSoftX. One is that the extension can modify the HTML on websites so that they display the victim's cryptocurrency wallet address. In other words, even a visual inspection of the address after pasting won't help. The other is that the malware will intercept all API requests to the services and set the transaction amount to the maximum. This way, even if the victim starts with a test transaction (a small transaction of, say, $10), they will still lose all of their money.
Finally, for Blockchain.com, it will try to steal the password if the victim enters it on the site.
So far, the researchers say, the attackers have managed to steal $130,000 worth of various cryptocurrencies. We do not know how many people have been infected, but we do know that most of the victims are in the United States, Italy, Brazil and India.
There is no such thing as Google Sheets 2.1, so if you see this add-on installed, be sure to remove it immediately.
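The check suggested above can be scripted. The following is an added example, not code from Avast or from the original article: it walks a directory tree, reads every extension `manifest.json`, resolves localized `__MSG_...__` names, and reports extensions whose display name is "Google Sheets 2.1". It assumes the add-on's manifest carries the name given above; the directory to scan and the sample folders in `demo()` are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Name reported in the article; tolerate case and spacing variations.
FAKE_NAME = re.compile(r"^\s*google\s+sheets\s+2\.1\s*$", re.IGNORECASE)

def display_name(manifest_path: Path) -> str:
    """Return the extension's display name, resolving a __MSG_key__ placeholder."""
    manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
    name = str(manifest.get("name", ""))
    m = re.fullmatch(r"__MSG_(\w+)__", name)
    if not m:
        return name
    locale = manifest.get("default_locale", "en")
    messages_path = manifest_path.parent / "_locales" / locale / "messages.json"
    messages = json.loads(messages_path.read_text(encoding="utf-8-sig"))
    # Chrome treats message keys as case-insensitive.
    for key, entry in messages.items():
        if key.lower() == m.group(1).lower() and isinstance(entry, dict):
            return str(entry.get("message", name))
    return name

def find_fake_sheets(root: Path) -> list[Path]:
    """Return directories under root that hold an extension named like the fake add-on."""
    hits = []
    for manifest_path in root.rglob("manifest.json"):
        try:
            if FAKE_NAME.match(display_name(manifest_path)):
                hits.append(manifest_path.parent)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest or locale file: skip it
    return sorted(hits)

def demo() -> list[str]:
    """Scan a constructed directory tree (placeholder manifests, not real samples)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        samples = {"ext_a": {"name": "Google Sheets 2.1"},
                   "ext_b": {"name": "Google Docs Offline"},
                   "ext_c": {"name": "__MSG_appName__", "default_locale": "en"}}
        for folder, manifest in samples.items():
            (root / folder).mkdir()
            (root / folder / "manifest.json").write_text(json.dumps(manifest))
        loc = root / "ext_c" / "_locales" / "en"
        loc.mkdir(parents=True)
        (loc / "messages.json").write_text(json.dumps({"appname": {"message": "google sheets 2.1"}}))
        return [p.name for p in find_fake_sheets(root)]
```

Point `find_fake_sheets` at the browser's user data directory or any folder an extension may have been loaded from. A name match is a triage hint only, since a display name is trivial to change.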
Via: Computer