A new Trojan that steals cryptocurrency by targeting webpages, google searches and chrome browser extensions has been discovered by Kaspersky Labs.

Named the Razy Trojan, it can install malicious browser extensions or infect already installed extensions. While the primary threat is to google chrome it can also infect Firefox and Yandex browsers.

The executable file Trojan.Win.Razy.gen spreads through malware or file hosting services cloaked as legitimate software.

Cryptocurrency exchanges and crypto related websites are vulnerable as Razy modifies target web pages. The Trojan consists of JavaScript files that inserts advertising into a websites HTML pages. The malicious code searches for addresses of cryptocurrency wallets on a site and replaces them with the hackers wallet addresses.

The code is spread further as it submits adverts from compromised sites to google search.

The Kaspersky Lab website details the malicious JavaScript code, the files it infects and its mechanism, as well as a list of sites that are known to have been compromised.

For more details see:

https://securelist.com/razy-in-search-of-cryptocurrency/89485/

Stay safe!