• Skip to main content

Naga Cyber Defense

Trusted Security for all of Indonesia

  • Home
  • About
  • Programs
  • Contact
  • Blog
You are here: Home / News / Ekstensi Google Chrome Digunakan Untuk Mencuri Cryptocurrency

Ekstensi Google Chrome Digunakan Untuk Mencuri Cryptocurrency

November 22, 2022 by Coffee Bean

Ekstensi browser Google Chrome yang mencuri informasi bernama ‘VenomSoftX’ sedang digunakan oleh malware Windows untuk mencuri cryptocurrency dan konten clipboard saat pengguna menjelajahi web.

Ekstensi Chrome ini dipasang oleh malware ViperSoftX Windows, yang bertindak sebagai RAT berbasis JavaScript (trojan akses jarak jauh) dan pembajak cryptocurrency.

Aktivitas Terbaru
Saluran distribusi utama untuk ViperSoftX adalah file torrent yang berisi crack game bertali dan aktivator produk perangkat lunak.

Dengan menganalisis alamat dompet yang di-hardcode dalam sampel ViperSoftX dan VenomSoftX, Avast menemukan bahwa keduanya secara kolektif telah menghasilkan sekitar $130.000 bagi operator mereka pada 8 November 2022.

Cryptocurrency yang dicuri ini diperoleh dengan mengalihkan transaksi cryptocurrency yang dicoba pada perangkat yang dikompromikan dan tidak termasuk keuntungan dari aktivitas paralel.

Baris kode berbahaya tunggal bersembunyi di suatu tempat di bagian bawah file teks log 5MB dan berjalan untuk mendekripsi muatan, pencuri ViperSoftX.

Fitur utama dari varian ViperSoftX yang lebih baru adalah pemasangan ekstensi browser berbahaya bernama VenomSoftX di browser berbasis Chrome (Chrome, Brave, Edge, Opera).

Menginfeksi Chrome

“VenomSoftX terutama melakukan ini (mencuri crypto) dengan mengaitkan permintaan API pada beberapa pertukaran crypto yang sangat populer yang dikunjungi/dimiliki oleh korban,” jelas Avast dalam laporan tersebut.

“Ketika API tertentu dipanggil, misalnya, untuk mengirim uang, VenomSoftX merusak permintaan sebelum dikirim untuk mengalihkan uang ke penyerang.”

Layanan yang ditargetkan oleh VenomSoftX adalah Blockchain.com, Binance, Coinbase, Gate.io, dan Kucoin, sedangkan ekstensi juga memonitor clipboard untuk penambahan alamat dompet.

“This module focuses on www.blockchain.com and it tries to hook https://blockchain.info/wallet. It also modifies the getter of the password field to steal entered passwords,” explains Avast.

“Once the request to the API endpoint is sent, the wallet address is extracted from the request, bundled with the password, and sent to the collector as a base64-encoded JSON via MQTT.”

Terakhir, jika pengguna melampirkan konten ke situs web mana pun, ekstensi akan memeriksa apakah cocok dengan salah satu ekspresi reguler yang ditunjukkan di atas, dan jika demikian, kirimkan konten yang ditempelkan ke pelaku ancaman.

Dikarenakan Google Sheets biasanya dipasang di Google Chrome sebagai aplikasi di bawah chrome://apps/ dan bukan ekstensi, Anda dapat memeriksa halaman ekstensi browser Anda untuk menentukan apakah Google Sheets dipasang.

Sumber : bleeping computer

Tagged With: Chrome Extension, Crypto Hacking, cryptocurrency, Google Chrome, hijack browsers, Information Stealer, Malware

Copyright © 2025 · Naga Cyber Defense · Sitemap

Cookies Settings
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
AcceptReject AllCookie Settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
CookieDurationDescription
_ga2 yearsThe _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_172707709_11 minuteSet by Google to distinguish users.
_gid1 dayInstalled by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
non-necessary
SAVE & ACCEPT
Powered by CookieYes Logo