Security News > 2022 > November > Google Chrome extension used to steal cryptocurrency, passwords
![Google Chrome extension used to steal cryptocurrency, passwords](/static/build/img/news/google-chrome-extension-used-to-steal-cryptocurrency-passwords-medium.jpg)
An information-stealing Google Chrome browser extension named 'VenomSoftX' is being deployed by Windows malware to steal cryptocurrency and clipboard contents as users browse the web.
This Chrome extension is being installed by the ViperSoftX Windows malware, which acts as a JavaScript-based RAT and cryptocurrency hijacker.
To stay hidden from the victims, the installed extension masquerades as "Google Sheets 2.1", supposedly a Google productivity app.
The extension can modify HTML on websites to display a user's cryptocurrency wallet address while manipulating the elements in the background to redirect payments to the threat actor.
Info, the extension will also attempt to steal passwords entered on the site.
As Google Sheets is normally installed in Google Chrome as an app under chrome://apps/and not an extension, you can check your browser's extension page to determine if Google Sheets is installed.
News URL
Related news
- Google Chrome is getting native support for YouTube-like video chapters (source)
- Google Chrome emergency update fixes 6th zero-day exploited in 2024 (source)
- Google Chrome change that weakens ad blockers begins June 3rd (source)
- Google Chrome reduced cookie requests to improve performance (source)
- New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems (source)
- Fake Google Chrome errors trick you into running malicious PowerShell scripts (source)
- Google fixes fifth Chrome zero-day exploited in attacks this year (source)
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) (source)
- Google patches third exploited Chrome zero-day in a week (source)
- Google fixes third actively exploited Chrome zero-day in a week (source)