
Crypto malware discovered on The Pirate Bay that can swap crypto addresses

chepicap.com, 15 January 2019 16:05 UTC

New crypto malware has been discovered on popular torrent site The Pirate Bay that is able to manipulate web pages and replace Bitcoin and Ether addresses, Bleeping Computer reports.

The malware replaces some of the most popular web pages, such as Wikipedia, Google and Yandex, in order to steal cryptocurrencies. It was first mistaken for a program that adds advertising on Google and search results. Bleeping Computer’s own Lawrence Abrams discovered some of the malware’s actions.

“What appeared to be an ad-injector into the main Google search page turned out to be only the tip of the iceberg,” the publication reads.

The anomaly was first detected by IT security researcher 0xffff0800, who downloaded the movie The Girl in the Spider’s Web and noticed a .LNK file running a PowerShell command instead of the video file.

In addition to being able to manipulate search results to show certain links, the malware also swaps out cryptocurrency wallet addresses for ones owned by the attacker. This happens when the copy and paste function is used on Windows PCs.

“Because the wallets are a large string of random characters, most users will likely not notice the difference between what they expected to copy and the pasted result.”
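The clipboard swap described above can be caught by comparing what was copied with what arrives on paste. The following is an added example, not code from the article or from Bleeping Computer; the function names and sample addresses are constructed for illustration, and it recognises only legacy Base58Check Bitcoin addresses and 40-hex-digit Ether addresses.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ETH_RE = re.compile(r"0x[0-9a-fA-F]{40}")
BTC_RE = re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}")  # legacy Base58 forms only

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):  # only used to build the constructed samples below
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def is_base58check(addr):
    """True if addr decodes to 25 bytes ending in a valid double-SHA256 checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[-4:] == _checksum(raw[:-4])

def address_kind(text):
    """Classify a clipboard string as 'eth', 'btc' or None (not an address)."""
    text = text.strip()
    if ETH_RE.fullmatch(text):
        return "eth"
    if BTC_RE.fullmatch(text) and is_base58check(text):
        return "btc"
    return None

def check_paste(copied, pasted):
    """Compare the string that was copied with the string that arrived on paste."""
    if copied.strip() == pasted.strip():
        return "unchanged"
    kind = address_kind(copied)
    if kind is not None and address_kind(pasted) == kind:
        return "swapped-" + kind  # same address type, different wallet
    return "changed"

# Constructed sample values, not real wallets and not taken from the article.
BTC_A = b58check_encode(b"\x00" + bytes(range(1, 21)))
BTC_B = b58check_encode(b"\x00" + bytes(range(21, 41)))
ETH_A, ETH_B = "0x" + "ab" * 20, "0x" + "cd" * 20
print(check_paste(BTC_A, BTC_B), check_paste(ETH_A, ETH_A))
```

A "swapped-" result is the pattern the article describes: a valid address of the same type replaced by a different one between copy and paste.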
