Researchers say a particularly nasty piece of crypto-stealing malware has received an upgrade that makes it more dangerous.
Normally, ViperSoftX monitors the clipboard contents of the infected endpoint, and if it detects a victim copying and pasting a crypto wallet address, it replaces the address in the clipboard with one belonging to the attacker. That way, when victims deposit their funds, the money falls into the hands of the attackers.
Fake Google Sheets Add-on
Cryptocurrency addresses are long sequences of seemingly random characters, which makes this type of hijacking relatively successful. The add-on does essentially the same thing, but a little more efficiently. It was named Google Sheets 2.1, to remove any doubt victims might have about its intentions.
“VenomSoftX mainly does this (stealing cryptocurrencies) by connecting API requests on several very popular crypto exchanges that victims have visited/have an account with,” the researchers said. “For example, when a certain API is called to send funds, VenomSoftX will forge the request before it is sent to redirect the funds to the attacker.”
Avast said the trojan targets many major crypto players, such as Coinbase, Binance, Kucoin, Gate.io, and Blockchain.com. However, it doesn’t stop there – it also monitors the clipboard for any other wallets being pasted.
There are two scary details about VenomSoftX. First, as an extension it can modify the HTML on web pages to display the victim’s crypto wallet address. In other words, even visually checking the address after pasting doesn’t help. Second, the malware intercepts all API requests to the service and sets the transaction amount to the maximum. That way, even if the victim starts with a test transaction (a small one, like $10), they will still lose all of their money.
And finally, for Blockchain.com, it will try to steal the password if the victim enters it on the website.
So far, the researchers say, the attackers have managed to steal some $130,000 worth of cryptocurrencies. We don’t know how many people have been infected, but we do know that most of the victims are in the United States, Italy, Brazil and India.
There is no such thing as Google Sheets 2.1, so in case you see this add-on installed, be sure to remove it immediately.
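One way to sweep a browser profile for this add-on, as an added example that is not code from the article or from the researchers. It assumes a Chromium-style `Extensions/<id>/<version>/manifest.json` layout and that the name appears either whole in the manifest `name` or split as name "Google Sheets" plus version "2.1"; the function names and the sample tree are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Name taken from the article; how it maps onto manifest fields is an assumption.
FAKE_LABEL = "google sheets 2.1"

def display_name(ext_dir: Path, manifest: dict) -> str:
    """Resolve the manifest name, following a __MSG_key__ locale reference."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()
        locale = manifest.get("default_locale", "en")
        try:
            msgs = json.loads((ext_dir / "_locales" / locale / "messages.json").read_text("utf-8"))
            for k, v in msgs.items():  # message keys are case-insensitive
                if k.lower() == key:
                    return str(v["message"])
        except (OSError, ValueError, AttributeError, KeyError, TypeError):
            pass  # missing or malformed locale file: fall back to the raw name
    return name

def find_fake_sheets(extensions_root: Path) -> list:
    """Return (extension_id, name, version) for each manifest matching the fake name."""
    hits = []
    for mf in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text("utf-8"))
            name = display_name(mf.parent, manifest).strip()
            version = str(manifest.get("version", "")).strip()
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest: skip, keep sweeping
        if FAKE_LABEL in (name.lower(), f"{name} {version}".lower()):
            hits.append((mf.parent.parent.name, name, version))
    return hits

def build_sample_root() -> Path:
    """Constructed sample tree: one benign extension and one using the fake name."""
    root = Path(tempfile.mkdtemp())
    samples = {"aaaa": ("1.0.3", "Notes"), "bbbb": ("2.1", "Google Sheets")}
    for ext_id, (version, msg) in samples.items():
        d = root / ext_id / f"{version}_0"
        (d / "_locales" / "en").mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": "__MSG_appName__", "version": version, "default_locale": "en"}))
        (d / "_locales" / "en" / "messages.json").write_text(json.dumps({"appName": {"message": msg}}))
    return root

if __name__ == "__main__":
    print(find_fake_sheets(build_sample_root()))
```

Point `find_fake_sheets` at a profile's `Extensions` directory; any hit is an extension to remove and a host to investigate for the ViperSoftX infection that installed it.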
Via: BleepingComputer