
Google Chrome Extension, VenomSoftX Steals Cryptocurrency, Passwords


coinedition.com 22 November 2022 11:45, UTC

According to the latest reports, a Google Chrome browser extension named ‘VenomSoftX’ is stealing cryptocurrencies and information such as passwords. VenomSoftX was deployed by Windows malware and also steals clipboard contents while users browse the web.

This Chrome extension was reportedly installed by the ViperSoftX Windows malware. The malware acted as a JavaScript-based RAT (remote access trojan) and crypto hijacker.

Furthermore, the report revealed that since the beginning of 2022, Avast Threat Labs has detected and successfully terminated about 93,000 ViperSoftX infection attempts targeting users from the US, Italy, India and Brazil.

Avast examined the wallet addresses hard-coded in ViperSoftX and VenomSoftX samples and found that the wallets together had made nearly $130,000 by November 8, 2022.

According to the reports, VenomSoftX stole crypto by hooking API requests on a few leading crypto exchanges used by victims.

The Avast report read:

“When a certain API is called, for example, to send money, VenomSoftX tampers with the request before it is sent to redirect the money to the attacker instead.”

The services targeted by VenomSoftX included crypto exchanges like Blockchain.com, Binance, Coinbase, Gate.io, and Kucoin. Strikingly, the extension also kept an eye on the clipboard for adding more wallet addresses.

VenomSoftX could also tamper with HTML on websites to display the user’s crypto wallet address while modifying elements in the background to redirect payments to the threat actor. The VenomSoftX extension also intercepts all API requests to the crypto services to determine the victim’s assets. The extension would then change the transaction amount to the maximum figure available and draw off funds over time.
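Because the behaviour described above depends on an extension being able to run on exchange pages, one defensive check is to audit installed extensions' manifests for that reach. The following is an added example, not code from Avast or this article: the registrable domains for the named services, the choice of permissions to highlight and the sample manifests are assumptions constructed for illustration.

```javascript
// Hosts for the services named in the article (registrable domains are assumptions).
const EXCHANGE_HOSTS = ["blockchain.com", "binance.com", "coinbase.com", "gate.io", "kucoin.com"];
// Permissions worth noting alongside exchange reach (an assumption, not an indicator list).
const SENSITIVE_PERMS = ["clipboardRead", "webRequest", "webRequestBlocking"];

// True when a Chrome match pattern (<scheme>://<host>/<path>) covers `host`.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/([^/]+)\//.exec(pattern);
  if (!m) return false; // other schemes or malformed patterns
  const patHost = m[2];
  if (patHost === "*") return true;
  if (patHost.startsWith("*.")) {
    const base = patHost.slice(2); // "*.example.com" covers example.com and its subdomains
    return host === base || host.endsWith("." + base);
  }
  return host === patHost;
}

// Collect host patterns from MV2 `permissions`, MV3 `host_permissions` and content scripts.
function auditManifest(manifest) {
  const perms = manifest.permissions || [];
  const patterns = [
    ...(manifest.host_permissions || []),
    ...perms.filter((p) => p === "<all_urls>" || p.includes("://")),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  const reachable = EXCHANGE_HOSTS.filter((h) => patterns.some((p) => patternCoversHost(p, h)));
  const sensitive = perms.filter((p) => SENSITIVE_PERMS.includes(p));
  return { name: manifest.name, reachable, sensitive, review: reachable.length > 0 };
}

// Constructed sample manifests (not real extensions).
const SAMPLES = [
  { name: "Sample Helper", manifest_version: 3, permissions: ["clipboardRead"],
    content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }] },
  { name: "Docs Theme", manifest_version: 3, host_permissions: ["https://docs.example.org/*"] },
  { name: "Price Ticker", manifest_version: 2, permissions: ["webRequest", "*://*.binance.com/*"] },
];

for (const r of SAMPLES.map(auditManifest)) {
  console.log(r.review ? "REVIEW" : "ok    ", r.name, r.reachable.join(","), r.sensitive.join(","));
}
```

A flagged extension is a candidate for manual review, since many legitimate extensions also request broad host access.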
