Trojan Razy aims at crypto-currency theft by loading rogue browser extensions
Security researchers from Kaspersky Lab have found a new Trojan horse named Razy, which installs itself in the form of a browser extension or else infects browser extensions already present, once it has managed to deactivate security checks. Razy loads rogue extensions into a number of web browsers in order to steal crypto-currencies, the researchers noted.
Razy searches websites for crypto-currency wallet addresses as they are displayed, then overwrites them with an address controlled by its creators. The Trojan also spoofs QR code images that point to crypto-currency wallets and makes changes to crypto-currency trading portals. Finally, it inserts phony links into search results obtained from Yandex or Google.
Razy appears to have been created chiefly to target Russian users. Its infection of the Yandex, Mozilla Firefox and Google Chrome browsers is its most dangerous characteristic, since other malware creators can replicate it. Razy's approach differs slightly from browser to browser. In Firefox, it places a copy of a rogue extension named Firefox Protection, then edits a number of configuration files in the user's profile so that the extension can enter the browser without the user's confirmation. In Google Chrome, Razy modifies existing extensions instead of installing itself as one.
The researchers wrote that they observed cases in which various Chrome extensions were infected. One extension deserves special mention: Chrome Media Router, a component of the service of the same name in Chromium-based browsers. That extension is present on every system where Google Chrome is installed, although it is not shown in the list of installed extensions, the researchers indicated. Securityboulevard.com posted this, January 28, 2019.
Apart from stealing crypto-currencies, Razy injects malicious ads and videos into various websites. It also displays security alerts and errors that lead to phishing websites. Razy further imitates the donation requests displayed on the Wikipedia website and shows phony promises of tokens on the Telegram site.
Razy's threat can be tackled with AI (artificial intelligence) built into organizations' malware defense programs. It is further recommended that organizations use block-chain and related sophisticated methodologies to safeguard against crypto-currency theft.
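The Firefox behaviour described above lends itself to a defender-side profile audit. The following is an added example, not code from the article or from Kaspersky Lab; it assumes the layout of the `extensions.json` file in a Firefox profile (`addons`, `defaultLocale.name`, `location`, `active`, `signedState`) and runs on constructed sample data.

```python
import json

# Extension name the article attributes to Razy's rogue Firefox add-on.
SUSPECT_NAMES = {"firefox protection"}

def audit_addons(extensions_json_text):
    """Return [(addon_id, name, reasons)] for profile add-ons worth a manual look."""
    findings = []
    for addon in json.loads(extensions_json_text).get("addons", []):
        # Assumed layout: only add-ons installed into the user profile are audited.
        if addon.get("type") != "extension" or addon.get("location") != "app-profile":
            continue
        name = (addon.get("defaultLocale") or {}).get("name", "")
        reasons = []
        if name.strip().lower() in SUSPECT_NAMES:
            reasons.append("name matches the rogue extension named in the article")
        state = addon.get("signedState")
        # Assumed meaning: signedState below 1 (or absent) = no valid signature.
        if addon.get("active") and (state is None or state < 1):
            reasons.append(f"active without a valid signature (signedState={state})")
        if reasons:
            findings.append((addon.get("id"), name, reasons))
    return findings

# Constructed sample data, not taken from an infected machine.
SAMPLE = json.dumps({"addons": [
    {"id": "signed@example.invalid", "type": "extension", "location": "app-profile",
     "active": True, "signedState": 2, "defaultLocale": {"name": "Tab Sorter"}},
    {"id": "rogue@example.invalid", "type": "extension", "location": "app-profile",
     "active": True, "signedState": 0, "defaultLocale": {"name": "Firefox Protection"}},
    {"id": "off@example.invalid", "type": "extension", "location": "app-profile",
     "active": False, "signedState": 0, "defaultLocale": {"name": "Old Helper"}},
    {"id": "builtin@example.invalid", "type": "extension", "location": "app-builtin",
     "active": True, "defaultLocale": {"name": "Bundled Feature"}},
]})

if __name__ == "__main__":
    for addon_id, name, reasons in audit_addons(SAMPLE):
        print(f"{addon_id} ({name}): " + "; ".join(reasons))
```

A name match alone is only a lead for manual review, since an extension's display name is freely chosen by whoever packages it.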
» SPAMfighter News - 2/4/2019