Hackers use Chrome to Hijack Bitcoin
A New cryptocurrency scam utilizes an add-on for Google Chrome to steal the passwords associated with cryptocurrencies’ wallets. The information-stealing Windows virus works in conjunction with the Chrome browser extension “VenomSoftX” to steal the private information of Internet users as they browse the Web.
Further investigation of the maliciously installed Chrome browser extension indicates that its core operation has evolved into a significant hacking campaign. In addition, the Avast research team has identified 93,000 ViperSoftX hacking attempts against Internet surfers, all of which were blocked by the Avast antivirus software.
Cracked Software Hosts Dangerous Malware
So far, since January 2022, the harmful malware had been tracked to India, Brazil, Italy, and the United States of America. Analysis has also revealed that the hackers utilize torrent files of cracked games and other software products to distribute the ViperSoftX malware.
According to Avast researchers, income generated up until November 8th, 2022, indicated that the hackers made a tidy profit. Blockchain wallets linked to the ViperSoftX and VenomSoftX malware hackers had approximately $130,000 in cryptocurrencies.
However, this is just a fraction of the money earned by these threat actors, the stolen cryptocurrency does not include earnings from other dark web operations. By deviating cryptocurrency transactions on compromised devices, the malware loader creates extra files by decrypting the AES data. The task scheduler VBS file host the log file with the ViperSoftX PowerShell payload XML file. In addition, the ViperSoftX stealer is used to decrypt the malicious payload code found in the log text file.
Virus Injected Browsers
However, it must be noted that the malicious VenomSoftX Chrome browser has the same distinguishing characteristic as the ViperSoftX variants that hijacks Brave, Edge, and Opera browsers.
Security experts warned that the harmful extension can easily avoid detection since it is promoted as “Google Sheets 2.1” a productivity program provided by the tech giant. As recently as May, the criminal hackers deployed the harmful extension as “Update Manager”.
The Avast team revealed that VenomSoftX and ViperSoftx operate on different levels to accomplish a higher success rate when stealing their victims’ cryptocurrencies. With”VenomSoftX, a send money request is rerouted to the hackers before it can be delivered to the recipients’ wallets.
So far, the most targeted wallets are Blockchain.com, Coinbase, Binance, Gate.io, Kucoin, and a few other cryptocurrency platforms that VenomSoftX targets.