Chrome extension hides malware to steal crypto: new operation uncovered

September 2024 by CyberNews

The Cybernews research team discovered a threat actor defrauding hundreds of people per month through a simple information-stealing browser extension on the Chrome Web Store, called SpiderX.

Despite its obvious malicious intent, the extension has not yet been detected by antivirus software.
SpiderX can gather plaintext login information, take screenshots, and track browsing history. The threat actor created an infrastructure containing dozens of malicious internet addresses and WhatsApp accounts to lure victims into downloading the extension.
“Despite amateurish execution and carelessness, the threat actor is sending tens of thousands of spam emails per month and has an infection rate of 1%. At the time of discovery, there were over 500 infected victims, and the campaign is still ongoing,” Cybernews researchers said.

The campaign targets crypto users
The scheme starts by sending spam from domains impersonating cryptocurrency recovery agencies, trading platforms, wallets, or even the Financial Conduct Authority.
Some variations of the spam messages and websites used in the malicious campaign directed users to contact the threat actor via WhatsApp, while others directed them to download Chrome extensions and install them manually.
Once installed, the extension takes screenshots of the victim’s screen, gathers plaintext login information from forms on various websites, and exfiltrates the browsing history.

Poor operational security exposes the hacker
The malicious campaign was identified due to the lack of operational security measures and software misconfigurations.
“It appears that before launching the campaign, the threat actor set up and tested the infrastructure using their email, IP address, and other personal information,” our researchers said. “This data leads to a person in Israel.”

