New Warning Issued Against Google Chrome Browser Extension That’s Stealing Cryptocurrency Passwords

A new report by security experts is shedding light on the malware called VenomeSoftX that may appear as an extension for Google Chrome at first but can do so much worse.

The extension has the ability to be set out by another Windows malware and can go as far as stealing users’ crypto passwords. Any other related clipboard contents may also be taken away while a user goes on a search exploration across the web.

The malware is called ViperSoftX which has the tendency to have the extension installed. This behaves very similarly to RAT that’s based on JavaScript. You can even view it as a crypto hijacker because that’s what it’s designed to end up doing.

The news comes to us thanks to avid security researchers sitting at Avast who are giving out more details in terms of the malware and how much it has expanded in recent times.

As far as recent activity is concerned, the malware has been known to carry out up to 93,000 attempts that were reportedly blocked thanks to Avast so customers couldn’t feel a thing. But most nations affected included the likes of India, Italy, the US, and Brazil.


The main channel through which it’s being expanded is torrent files and they entail game cracks with activators for various software goods and services.

The malware functions by first scooping through wallet addresses and some even went as far as rewarding the operator with a sum worth $130,000 this month only.

To grab a hold of the stolen amount, all crypto transactions were carried out on devices that were compromised and aren’t including any sort of profits through other means. But how exactly does this work?

Well, it can download a series of malware loaders that decrypts data to make files like Manifest, XML task schedulers, and even an App binary file. On that note, you’ll see the single code hiding somewhere near the bottom and running payloads that are decrypted. But the latest feature has to do with downloads for a series of the browser of extensions that are malicious. This includes VenomSoft X across the likes of Chrome, Opera, and even Edge browsers.

In case you’re wondering how it exactly does this, well, it manages to infect Chrome and disguise it as Google Sheets 2.1.

Read next: Researchers Warn Of Hackers Dropping Malware Through Google Drive On Government Networks
Previous Post Next Post