VenomSoftX, an extension of the web browser Google Chrome which is used to steal information, is now helping to steal users’ crypto and clipboard contents. The bad actors deploy the extension in a Windows malware to target the web users while they surf the internet and record the things like their passwords and other critical information about their crypto holdings. Recently, FTX users were also hacked after the collapse.

Exploiters Use Google Chrome Extension to Steal Clipboard Content and Crypto of Users

A Windows malware called ViperSoftX installs this Chrome extension. It plays the role of a JavaScript-based remote access trojan (RAT) as well as a crypto hijacker. This malware has been used since 2020. It was formerly revealed in a Fortinet-based report authored by security researchers named Colin Cowie and Cerberus.

Nonetheless, a report has been recently published by Avast in which the researchers have given information regarding the Chrome extension. The report also explained that the activities of the malware have gone through a wide-ranging development currently. This year, Avast has discovered and eliminated up to 93,000 infection attempts made by ViperSoftX against the users thereof. Most such attempts were made in India, Brazil, Italy, and the United States.

ViperSoftX’s chief distribution channel deals with torrent files comprising the linked activators of software products and the game cracks. Through the analysis of the wallet addresses associated with VenomSoftX and ViperSoftX samples, Avast revealed the amount gained in this respect. As per the antivirus company, these 2 had jointly yielded approximately $130,000 for their operators by the 8^th of November this year.

**You May Also Like: **How much of your wealth is in crypto (on average)?

The Extension Masks Itself as Google Sheets 2.1 to Stay Undetected

The stolen crypto funds were acquired by distracting crypto transfers attempted on affected devices. To keep itself concealed from the victims, the extension cover-ups as “Google Sheets 2.1”, a productivity app of Google. Colin Cowie also detected this extension with the name “Update Manager” in May.

As Google Sheets counts as an extension that is normally mounted in Google Chrome rather than the others, the user can check the extension page of the browser to know if it is installed. If the respective extension is installed then the user should delete it right away and should clear the browser data to ensure the removal of the malicious extension.