The extension can be deployed by another piece of Windows malware and can go as far as stealing users’ crypto passwords. Clipboard contents may also be taken while the user browses the web.
The news comes from security researchers at Avast, who are sharing more details about the malware and how much it has expanded in recent times.
As for recent activity, the malware is known to have made up to 93,000 attempts, which Avast reportedly blocked so that its customers were not affected. The most affected countries included India, Italy, the US, and Brazil.
The main channel through which it spreads is torrent files, which carry game cracks and activators for various software products.
The malware works by first going through wallet addresses, and some of these have rewarded the operator with a sum worth $130,000 this month alone.
That stolen amount comes only from crypto transactions carried out on compromised devices and does not include profits made through other means. But how exactly does this work?
It can download a series of malware loaders that decrypt data to create files such as a manifest, XML task scheduler files, and an app binary file. A single piece of code hidden near the bottom runs the decrypted payloads. The latest feature is the download of malicious browser extensions. These include VenomSoftX for Chrome, Opera, and Edge.
As for how exactly it does this, it infects Chrome and disguises itself as Google Sheets 2.1.
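
A defender can check a browser profile for the disguise described above. The following is an added example, not code from Avast or from this article: it walks a directory of unpacked extensions and flags any whose manifest presents the name "Google Sheets" with version "2.1". It assumes the standard Chromium layout (a `manifest.json` per extension, with localized names under `_locales`), and a match is a lead for review, not proof of infection.

```python
import json
import sys
from pathlib import Path

# Name and version the article says the malicious extension presents in Chrome.
SUSPECT_NAME = "google sheets"
SUSPECT_VERSION = "2.1"

def resolve_name(manifest: dict, ext_dir: Path) -> str:
    """Return the display name, resolving a __MSG_key__ placeholder if used."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()
    locale = str(manifest.get("default_locale", "en"))
    try:
        messages = json.loads(
            (ext_dir / "_locales" / locale / "messages.json").read_text("utf-8-sig"))
    except (OSError, ValueError):
        return name  # locale file missing or malformed: keep the placeholder
    if isinstance(messages, dict):
        for k, v in messages.items():  # message keys are case-insensitive
            if k.lower() == key and isinstance(v, dict):
                return str(v.get("message", name))
    return name

def find_suspect_extensions(root: Path) -> list:
    """Walk root for manifest.json files and flag name/version matches."""
    hits = []
    for manifest_path in sorted(root.rglob("manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text("utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        name = resolve_name(manifest, manifest_path.parent)
        version = str(manifest.get("version", ""))
        if SUSPECT_NAME in name.lower() and version == SUSPECT_VERSION:
            hits.append({"path": str(manifest_path.parent), "name": name,
                         "version": version,
                         "permissions": manifest.get("permissions", [])})
    return hits

if __name__ == "__main__":
    # Usage: python scan.py <directory containing unpacked extensions>
    for hit in find_suspect_extensions(Path(sys.argv[1] if len(sys.argv) > 1 else ".")):
        print(hit)
```

Each hit includes the declared permissions so the reviewer can compare them with what a spreadsheet extension would plausibly need.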