

We published our analyses on CopperStealer distributing malware by abusing various components such as browser stealer, adware browser extension, or remote desktop. Tracking the cybercriminal group’s latest activities, we found a malicious browser extension capable of creating and stealing API keys from infected machines when the victim is logged in to a major cryptocurrency exchange website. These API keys allow the extension to perform transactions and send cryptocurrencies from victims’ wallets to the attackers’ wallets.

Similar to previous routines, this new component is spread via fake crack (also known as warez) websites.

Update ( 2:05AM EST): We have updated the list of IOCs and detections.
