A new malware campaign has been identified that exploits the Satacom downloader, also known as LegionLoader, to distribute a browser extension designed to steal cryptocurrency.
The Satacom downloader, a notorious malware family that emerged in 2019, is known for using DNS server queries to retrieve the next malware stage from another family associated with Satacom.
The malware is distributed via third-party websites, at times leveraging legitimate advertising plugins abused by attackers to inject malicious advertisements into web pages.
According to a new advisory by Kaspersky, the primary goal of the malware dropped by the Satacom downloader is to steal Bitcoin (BTC) from victims’ accounts. It achieves this by installing a Chromium-based web browser extension that communicates with a command-and-control (C2) server.
Read more on crypto-stealing malware: “Kekw” Malware in Python Packages Could Steal Data and Hijack Crypto
The extension uses several JavaScript scripts to manipulate users’ browsers when they visit targeted cryptocurrency websites. It can also alter the appearance of email services such as Gmail, Hotmail and Yahoo to hide its activity involving the victim’s cryptocurrencies.
The initial infection occurs when a user downloads a ZIP archive from a fake software portal; the archive contains legitimate DLLs and a malicious Setup.exe file.
The malware spreads through various types of websites, some of which have hardcoded download links, while others inject a deceptive “Download” button using legitimate ad plugins. Kaspersky highlighted that the QUADS ad plugin had been abused to deliver the Satacom malware.
Once the malware is executed, it uses process injection techniques to evade detection by antivirus programs. The security researchers explained that the dynamic nature of this campaign poses challenges for mitigation and detection.
Based on Kaspersky’s telemetry data, this campaign targets individual users globally. During Q1 2023, Brazil, Algeria, Turkey, Vietnam, Indonesia, India, Egypt and Mexico were the countries with the highest infection frequency.
Users are advised to exercise caution when downloading software from untrusted sources and to keep their antivirus software up to date to protect against such threats.
The Kaspersky advisory comes a few months after a US man was charged with fraudulently obtaining $110m worth of cryptocurrency from Mango Markets, a crypto exchange, and its customers.
Some parts of this report are sourced from:
www.infosecurity-journal.com