This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos

A malicious extension for Chromium-based web browsers has been observed being distributed via a long-standing Windows information stealer called ViperSoftX. A Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access website visits, steal credentials and clipboard data, and even swap cryptocurrency addresses via an adversary-in-the-middle attack.
The malware's use of a browser extension to advance its information-gathering goals was documented by Sophos threat analyst Colin Cowie earlier this year.
Newer variants of the malware are also capable of loading the VenomSoftX add-on, which is retrieved from a remote server, to Chromium-based browsers such as Google Chrome, Microsoft Edge, Opera, Brave, and Vivaldi.
"The extension tries to disguise itself as well known and common browser extensions such as Google Sheets," Rubín explained.
"In reality, the VenomSoftX is yet another information stealer deployed onto the unsuspecting victim with full access permissions to every website the user visits from the infected browser."
VenomSoftX, like ViperSoftX, is also orchestrated to steal cryptocurrencies from its victims.
News URL
https://thehackernews.com/2022/11/this-malware-installs-malicious-browser.html