Security researchers from Kaspersky Lab have discovered that the Razy Trojan installs rogue extensions in multiple browsers in an attempt to steal cryptocurrency.
The Trojan was disguised as legitimate software and distributed through advertisements on websites and through free file hosting services. The malware uses a different infection process for each of the browsers it targets: Google Chrome, Mozilla Firefox and Yandex Browser. The infection disables automatic updates and the integrity checks on installed extensions.
Next, the main.js script is used to steal cryptocurrency by searching websites for the addresses of digital wallets. If it finds any, the Trojan replaces those wallet addresses with addresses under the control of the malware operators.
Razy can also spoof images of QR codes that point to wallets, modify the pages of trading websites to show messages that lure users with offers of new features, and change search results from Google and Yandex to get victims to visit infected websites.
Security professionals are advised to incorporate Artificial Intelligence (AI) into their organization’s security strategies, including AI in detectors and in cyber deception to neutralize AI-driven attacks. In addition, the use of blockchain is recommended.
Previous attacks
The Razy Trojan is not the first malware to steal cryptocurrency from users. For example, in July last year, Fortinet discovered malware that modified the content of the user’s clipboard to replace a copied bitcoin address with one belonging to the attackers.
A few months later, DarkGate was discovered by researchers from enSilo. DarkGate is malware capable of crypto-mining and ransomware-like behavior, in addition to stealing cryptocurrency from victims’ wallets.
These malware variants were all part of the growth in cryptocurrency theft last year. In the first six months of 2018, 1.1 billion dollars of cryptocurrency was stolen, Carbon Black observed. In one of those attacks, $530 million was stolen in one go.
This news article was automatically translated from Dutch.