New Malware Campaign Leveraging Satacom Downloader to Steal Cryptocurrency
2023-06-06 18:21

A recent malware campaign has been found to leverage Satacom downloader as a conduit to deploy stealthy malware capable of siphoning cryptocurrency using a rogue extension for Chromium-based browsers.

"The main purpose of the malware that is dropped by the Satacom downloader is to steal BTC from the victim's account by performing web injections into targeted cryptocurrency websites," Kaspersky researchers Haim Zigel and Oleg Kupreev said.

Infection chains involving the malware begin when users searching for cracked software are redirected to bogus websites that host ZIP archive files containing the malware.

Launching the binary initiates the malware routine, culminating in the execution of the Satacom downloader that, in turn, uses DNS requests as a command-and-control method to fetch the URL that hosts the actual malware.
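As an added detection-side example (not code from the article or from Kaspersky), this scans constructed DNS resolver log lines for TXT answers that carry a URL, either in the clear or base64-wrapped; the log format and the use of TXT records for the downloader's DNS channel are assumptions, since the article only says DNS requests are used to fetch the payload URL.

```python
import base64
import binascii
import re
from dataclasses import dataclass

# Constructed resolver log lines (not from the article). Assumed format:
# "<timestamp> <client-ip> <qname> <qtype> <rdata>"
SAMPLE_LOG = """\
2023-06-06T18:21:01Z 10.0.0.5 www.example.com A 93.184.216.34
2023-06-06T18:21:02Z 10.0.0.5 cfg.example.invalid TXT "https://payload.example.invalid/update.zip"
2023-06-06T18:21:03Z 10.0.0.7 _dmarc.example.com TXT "v=DMARC1; p=reject"
2023-06-06T18:21:04Z 10.0.0.5 cfg2.example.invalid TXT "aHR0cDovL3N0YWdlci5leGFtcGxlLmludmFsaWQvZC5leGU="
"""

URL_RE = re.compile(r"https?://[\w.-]+(?:/[^\s\"']*)?", re.IGNORECASE)


@dataclass
class Finding:
    client: str
    qname: str
    url: str
    encoding: str  # "plain" or "base64"


def _decode_base64(text):
    """Strictly decode base64 to ASCII; None if the text is not valid base64."""
    try:
        raw = base64.b64decode(text, validate=True)
        return raw.decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None


def extract_url(rdata):
    """Return (url, encoding) if a TXT answer carries a URL, else None."""
    text = rdata.strip('"')
    m = URL_RE.search(text)
    if m:
        return m.group(0), "plain"
    decoded = _decode_base64(text)
    if decoded:
        m = URL_RE.search(decoded)
        if m:
            return m.group(0), "base64"
    return None


def scan_dns_log(log_text):
    """Flag TXT answers whose rdata resolves to a URL; legitimate TXT (e.g. DMARC) is skipped."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) < 5 or parts[3] != "TXT":
            continue
        hit = extract_url(parts[4])
        if hit:
            findings.append(Finding(parts[1], parts[2], hit[0], hit[1]))
    return findings
```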

What's more, the rogue browser add-on masquerades as a Google Drive extension and employs web injections sent by the C2 server when the victim is visiting one of the targeted cryptocurrency websites to manipulate the content and steal crypto.

The C2 address is concealed within the script and addr fields of the most recent bitcoin transaction associated with an actor-controlled wallet address, employing the same technique as the Glupteba botnet malware to get around domain blockades or takedowns.


News URL

https://thehackernews.com/2023/06/new-malware-campaign-leveraging-satacom.html