Avast, working in the field of information security, has warned about the spread of a new malicious extension VenomSoftX for the Google Chrome browser that steals cryptocurrencies.
According to Avast experts, the virus itself has been known since 2020, but since the beginning of 2022, a sharp increase in the number of infections has been recorded – more than 93,000. VenomSoftX and its copy ViperSoftX are distributed using pirated distributions of hacked games and software.
The malicious extension masquerades as Google Sheets 2.1, and there have also been cases of installations called Update Manager. Viruses track user visits to websites of popular cryptocurrency exchanges and replace requests to the API to steal cryptocurrencies.
VenomSoftX also monitors the contents of the clipboard in search of addresses and passwords from cryptocurrency wallets.
Moreover, the user is shown his wallet address, but against the background, the viruses are trying to transfer all possible funds to the addresses of the attackers. The list of sites visited by the virus includes Binance, Coinbase, Gate.io, Kucoin and Blockchain.com.
Judging by the transactions, the hackers managed to steal assets worth at least $130,000. Avast experts urged users to check for the presence of the Google Sheets extension in their browser. In October , it was reported that users of the Phantom wallet for the Solana NFT network were under attack by hackers.