Stealthy malware that steals crypto tokens and user data has been found in a browser extension called “SpiderX” on the Chrome Web Store.
According to the Cybernews researchers, a lot of unsuspecting people are defrauded monthly by this malware “through simple information.”
Browser Extension Called “SpiderX” Hides Malware That Steals Crypto Tokens And Data
On Wednesday, September 18, 2024, the Cybernews research team announced the discovery of a crude malicious Chrome extension called “SpiderX.”
The team revealed that the Chrome browser extension hides information-stealing malware. The malware can steal crypto assets and personal data from infected computers.
The malware is also simple and stealthy, and it can easily slip past antivirus products, other malware detection tools, and even the Chrome Web Store.
According to Cybernews, the malware can track the victims’ browsing history, take screenshots on the infected computer, and gather victims’ login details in plaintext format.
It was revealed that the actors behind the malware have a large repository of WhatsApp and email accounts through which they lure their victims to download the browser extension.
The Cybernews research team stated that over 10,000 spam emails were sent monthly, and the malware’s infection rate is about 1%.
By the time the Cybernews researchers discovered this malicious browser extension, over 500 people had been infected, and the number is still growing.
How The Malware Targets Crypto Users
The malware aims to drain its victims’ crypto wallets. It starts by masquerading as one of various firms or establishments that specialize in helping victims recover their lost crypto assets.
Sometimes, it may masquerade as crypto trading platforms or even crypto wallets.
It then sends spam messages to people as part of a malicious campaign. Once a target engages, they are redirected to download and install the malicious Chrome browser extension from the Chrome Web Store.
Once installed, the malware begins to screenshot the victim’s screen, gather plaintext login details from various sites, and harvest the browsing history.
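The three capabilities described above (screenshots, plaintext credentials, browsing history) each require specific extension permissions, so a defender can triage installed extensions by reading their manifests. The following audit script is an added example, not code from the article or from the extension itself; the permission-to-risk mapping, the scoring weights, and the sample manifests are all constructed for illustration.

```python
import json
from pathlib import Path

# Assumed mapping of permissions to the stealer-like capability each one enables.
SUSPECT_PERMISSIONS = {
    "history": "read browsing history",
    "tabs": "enumerate open tabs and their URLs",
    "activeTab": "capture the visible tab (screenshots)",
    "webRequest": "observe requests, including form submissions",
    "cookies": "read session cookies",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def assess_manifest(manifest: dict) -> dict:
    """Score one extension manifest (MV2 or MV3) by stealer-like capabilities."""
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    # MV3 lists host patterns under host_permissions; MV2 mixed them into permissions.
    hosts = set(manifest.get("host_permissions", [])) | {p for p in perms if "://" in p or p == "<all_urls>"}
    flags = {p: SUSPECT_PERMISSIONS[p] for p in perms if p in SUSPECT_PERMISSIONS}
    broad_hosts = bool(hosts & BROAD_HOSTS)
    # A content script matching every site can read login forms before they are submitted.
    injects_everywhere = any(
        m in BROAD_HOSTS for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])
    )
    score = len(flags) + 2 * broad_hosts + 2 * injects_everywhere
    return {"name": manifest.get("name", "?"), "flags": flags,
            "broad_hosts": broad_hosts, "injects_everywhere": injects_everywhere, "score": score}


def scan_extensions_dir(extensions_dir: Path, threshold: int = 4) -> list:
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and return suspicious entries."""
    findings = []
    for manifest_path in extensions_dir.glob("*/*/manifest.json"):
        result = assess_manifest(json.loads(manifest_path.read_text(encoding="utf-8")))
        result["path"] = str(manifest_path)
        if result["score"] >= threshold:
            findings.append(result)
    return sorted(findings, key=lambda r: -r["score"])


# Constructed sample manifests for demonstration; not taken from any real extension.
BENIGN = {"name": "Tab Counter (sample)", "manifest_version": 3, "permissions": ["tabs"]}
STEALER_LIKE = {
    "name": "Recovery Helper (sample)", "manifest_version": 3,
    "permissions": ["history", "tabs", "activeTab", "webRequest", "cookies"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
}

if __name__ == "__main__":
    print([assess_manifest(m) for m in (BENIGN, STEALER_LIKE)])
```

Point `scan_extensions_dir` at a Chrome profile's `Extensions` directory to list every installed extension whose permission set would allow the behaviour described in the article.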
On the Chrome Web Store, the hacker indicated in the description that the extension collects users’ data and browsing history “to analyze it for malicious code.”
At the time of writing, the malicious browser extension has not been reviewed on the Chrome Web Store, and the developer mentioned is fake.
One way to avoid becoming a victim is to shun all spam campaign messages that relate to cryptocurrency. Another way is to keep your crypto assets in a non-custodial crypto wallet with strong security.
An Israeli Behind The Information-Stealing Browser Extension
Not only is the malware’s execution amateurish, with poor software configuration, but the actors behind it also lack operational security measures.
Either the actors were not careful enough to hide their data, or they tested the malware using their own IP address, email address, and personal data.
Either way, the hacker’s data found in the browser extension revealed that the actor behind the malware is a person in Israel.