Beware Of Fake Browser Extensions Of Crypto Asset Thieves, Here Are The Characteristics!
JAKARTA - A dangerous extension to Chrome, Brave, and Opera browsers used to steal crypto assets from victims, this is part of a recent Satacom campaign discovered by Kaspersky.
The extension allows threat actors to hide any transaction notifications sent to victims via this website to secretly steal their crypto assets.
For information, Satacom is a well-known malware family that has been active since 2019 and is mostly sent via malvertising placed on third-party websites. A malicious link or ad directs users to fake file sharing services and other harmful pages offering to download archives containing Satacom Downloaders.
This latest campaign installs a browser extension that steals crypto assets and hides its activities. The main goal is to steal bitcoin (BTC) from the victim's account by doing a web injection into the website of the targeted crypto asset. However, the malware can be easily modified to target other crypto assets.
Kaspersky telemetry data reveals that during April and May this year, nearly 30,000 people were at risk of being targeted by campaigns. In the last two months, the countries most affected by this threat were Brazil, Mexico, Algeria, Turkey, India, Vietnam, and India.
VOIR éGALEMENT:
The number of users affected in certain countries:
Kaspersky also revealed that the campaign targeted Coinbase, Bybit, Kucoin, Huobi, and Binance users. The initial infection of the campaign started with a ZIP archive file, which was downloaded from a website that appears to mimic software portals and allows users to download the desired software (frequently cracked) for free.
Then, a series of malicious actions allow extensions to walk quietly as users explore the internet. As a result, attackers are able to transfer BTC from the victim's wallet to their wallet using a web injection.
"As a precaution, users are advised to regularly check their online accounts for suspicious activities and use reliable security solutions to protect themselves from threats like this," said Haim Zigel, malware analyst at Kaspersky.