Stealing passwords with Google Chrome extension
ViperSoftX was reported by Fortinet in 2020. Since then, according to researchers from Avast, the malware has evolved considerably.
What is ViperSoftX? It is multi-stage malware designed mainly to steal cryptocurrency, along with some other information from the infected host. ViperSoftX usually infects its victims by hiding in a cracked version of an application.
After the cracked application is launched, a chain of code is executed that ends in a Chromium-based browser extension called VenomSoftX. The extension disguises itself under the name “Google Sheet 2.1” and can even update itself. While it is active, it tries to hack into the most used crypto websites. Once the victim tries to make a trade, it changes the web address to direct the money to the attacker’s own account.
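A defender-side check for the extension name mentioned above, as an added example that is not part of the original article or of any vendor tool: it scans a directory tree for Chromium extension manifests whose display name contains "Google Sheet", resolving localized names as well. The function names, the loose name match and the directory passed on the command line are assumptions of this example.

```python
import json
import sys
from pathlib import Path

# Display name reported in the article; matched loosely because the article
# does not say whether "2.1" is part of the name or the version field.
SUSPECT_NAME = "google sheet"

def _load(path):
    """Parse a JSON file, returning None if unreadable or malformed."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None
    return data if isinstance(data, dict) else None

def display_name(ext_dir, manifest):
    """Return the extension name, resolving a __MSG_key__ placeholder."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # Chrome treats message keys case-insensitively
    locale = str(manifest.get("default_locale", "en"))
    messages = _load(ext_dir / "_locales" / locale / "messages.json") or {}
    for k, v in messages.items():
        if k.lower() == key and isinstance(v, dict):
            return str(v.get("message", name))
    return name

def find_suspect_extensions(root):
    """Scan `root` recursively and list manifests using the suspect name."""
    findings = []
    for path in sorted(Path(root).rglob("manifest.json")):
        manifest = _load(path)
        if manifest is None:
            continue  # skip broken manifests instead of aborting the scan
        name = display_name(path.parent, manifest)
        if SUSPECT_NAME in name.lower():
            findings.append({"path": str(path), "name": name,
                             "version": str(manifest.get("version", "")),
                             "update_url": manifest.get("update_url")})
    return findings

if __name__ == "__main__":
    # Assumption: argv[1] is a browser profile or other directory to audit.
    for hit in find_suspect_extensions(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(json.dumps(hit))
```

A hit is a triage lead, not a verdict: check the reported path and `update_url` against how the extension was actually installed before acting on it.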
For more insights on ViperSoftX, feel free to check out our sources below:
- ViperSoftX: Hiding in System Logs and Spreading VenomSoftX (decoded.avast.io)
- Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)
Aurora Stealer Malware
Another Go-based malware, known as Aurora Stealer, is becoming increasingly popular. Its goal is to steal sensitive information from 40 different applications, including Telegram and some cryptocurrency wallets.
The infection chain starts with phishing pages, such as SEO-poisoned pages or fake pages for legitimate software. After infecting the host, Aurora scans the files until it finds a filename or directory matching the targeted applications and extensions. All relevant data is then encoded with base64 and sent as a JSON file via TCP to the C2 server. Additionally, Aurora can act as a loader and enable the intrusion of additional malware.
Interested in knowing more? Two interesting sources to continue reading:
- Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware (thehackernews.com)
- Aurora: a rising stealer flying under the radar (blog.sekoia.io)
Please remember: this article is based on our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.
And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.