
This Trojan infects Chrome browser extensions, spoofs searches to steal cryptocurrency

January 26, 2019

The Razy Trojan is targeting legitimate browser extensions and is spoofing search results in the quest to raid cryptocurrency wallets and steal virtual coins from victims.

According to new research published by Kaspersky Lab, the malware, known as Razy, is a Trojan which uses some of the more unusual techniques on record when infecting systems.

Detected by the cybersecurity firm as Trojan.Win32.Razy.gen, Razy is an executable file which spreads through malvertising on websites and is also packaged up and distributed on file hosting services while masquerading as legitimate software.

The main thrust of the malware is its capability to steal cryptocurrency. Razy focuses on compromising browsers, including Google Chrome, Mozilla Firefox, and Yandex. Different infection vectors are in place depending on the type of browser found on an infected system.

Razy is able to install malicious browser extensions, which is nothing new. However, the Trojan is also able to infect already-installed, legitimate extensions, by disabling integrity checks for extensions and automatic updates for browsers.

In the case of Google Chrome, Razy edits the chrome.dll file to disable extension integrity checks and then renames this file to break the standard pathway. Registry keys are then created to disable browser updates.

“We have encountered cases where different Chrome extensions were infected,” the researchers say. “One extension, in particular, is worth mentioning: Chrome Media Router is a component of the service with the same name in browsers based on Chromium. It is present on all devices where the Chrome browser is installed, although it is not shown in the list of installed extensions.”

In order to compromise Firefox, a malicious extension called “Firefox Protection” is installed. When it comes to Yandex, the Trojan will also disable integrity checks, rename the browser.dll file, and create registry keys to prevent browser updates. A malicious extension called Yandex Protect is then downloaded and installed.

Most of the malware’s functions are served through a single .js script which permits the malware to search for cryptocurrency wallet addresses, replace these addresses with others controlled by threat actors, spoof both images and QR codes which point to wallets, as well as modify the web pages of cryptocurrency exchanges.

Razy is also able to spoof Google and Yandex search results on infected browsers, which could result in victims unwittingly visiting malicious web pages. The Trojan will often tamper with results relating to cryptocurrency in an attempt to entice users to hand over their credentials — for example, by promoting new services or bargain coin sales which require the user to log in if they wish to participate.

In all three browser cases, a number of additional scripts are downloaded. Two of the scripts, firebase-app.js and firebase-messaging.js, are legitimate statistics collectors, while two others, bgs.js and extab.js, are malicious, obfuscated scripts which modify web pages and allow malicious ads to be inserted.
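
A triage check built only from the names this article gives ("Firefox Protection", "Yandex Protect", bgs.js, extab.js), added here as an example and not taken from the Kaspersky Lab research or the original article. The directory layout, function names and sample tree are constructed assumptions; a name match is a lead for manual review, not proof of infection.

```python
import json
import tempfile
from pathlib import Path

# Names quoted in the article; weak signals, so a hit is a triage lead only.
SUSPECT_NAMES = {"firefox protection", "yandex protect"}
SUSPECT_SCRIPTS = {"bgs.js", "extab.js"}
COMPANION_SCRIPTS = {"firebase-app.js", "firebase-messaging.js"}  # legitimate alone

def scan_extension(ext_dir):
    """Return findings for one unpacked extension directory."""
    ext_dir, findings = Path(ext_dir), []
    try:
        text = (ext_dir / "manifest.json").read_text(encoding="utf-8-sig")
        name = str(json.loads(text).get("name", ""))
    except (OSError, ValueError, AttributeError):
        name = ""  # unreadable manifest: fall back to file names only
    if name.strip().lower() in SUSPECT_NAMES:
        findings.append(f"extension name matches: {name}")
    files = {p.name.lower() for p in ext_dir.rglob("*") if p.is_file()}
    hits = sorted(files & SUSPECT_SCRIPTS)
    if hits:
        note = " (with firebase scripts)" if COMPANION_SCRIPTS <= files else ""
        findings.append("script names match: " + ", ".join(hits) + note)
    return findings

def scan_root(root):
    """Scan every directory under root that contains a manifest.json."""
    report = {}
    for manifest in sorted(Path(root).rglob("manifest.json")):
        found = scan_extension(manifest.parent)
        if found:
            report[manifest.parent.relative_to(root).as_posix()] = found
    return report

def build_sample(root):
    """Constructed sample tree: one clean extension, one using the article's names."""
    layout = {"clean_ext/1.0": ("Notes Helper", ["background.js"]),
              "odd_ext/2.3": ("Yandex Protect", sorted(SUSPECT_SCRIPTS | COMPANION_SCRIPTS))}
    for rel, (name, scripts) in layout.items():
        ext = Path(root) / rel
        ext.mkdir(parents=True)
        (ext / "manifest.json").write_text(json.dumps({"name": name}))
        for script in scripts:
            (ext / script).write_text("// constructed placeholder\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan_root(build_sample(tmp)))
```

Point `scan_root` at a copy of a browser profile's extensions folder; because the article says legitimate extensions are also modified in place, a clean result here does not rule out tampering.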

At the time of writing, a total of six wallets linked to this campaign hold 0.14 BTC, alongside three wallets which contain roughly 25 ETH.

In related news, researchers from the University of Illinois at Urbana-Champaign demonstrated proof-of-concept security vulnerabilities earlier this week which impact a total of 26 low-end cryptocurrencies.
