This malicious Google Chrome extension wants your passwords and cryptographic keys

Researchers allege that an especially nasty piece of crypto-stealing malware has been given a makeover, making it even more hazardous.

Avast’s malware researchers have discovered that the JavaScript-based RAT ViperSoftX, which has been operating for over two years, has been updated to additionally install a Chrome browser extension.

If ViperSoftX detects that a victim is trying to copy and paste a cryptocurrency wallet address, it will replace the original address with an address belonging to the attackers. With this method, the attackers may collect the money sent by the victim.

A bogus add-on for Google Sheets

Because cryptocurrency addresses are just a lengthy string of characters, it’s easy to trick people into thinking they’ve been hacked.

This extension does the same fundamental function, although with somewhat increased productivity. To dispel any doubts about its good intentions toward the victims, it is being marketed as “Google Sheets 2.1.”

According to the study’s authors, “VenomSoftX primarily achieves this (steals crypto) via hooking API calls on a few highly famous crypto exchanges victims visit/have an account with.” “When a user makes a call to a particular API, for instance to pay money, VenomSoftX modifies the request before it is issued in order to divert the funds to the attacker.”

According to Avast, the malware specifically targets Coinbase, Binance, Kucoin,, and among other prominent cryptocurrency exchanges and exchange platforms. The programme does not rest there, though; it also monitors the clipboard for the presence of any additional wallets.

The fact that the VenomSoftX extension may change HTML on websites to expose the victim’s bitcoin wallet address is only one of two scary features of this malware. Simply looking at the URL after you’ve copied and pasted it won’t help. Moreover, the virus would snoop on every API calls made to the services and increase the transaction amount to its limit. This ensures that the victim will lose all of their money even if they do a test transaction (a modest transaction of, say, 10) first.

Finally, if the victim enters their password while using Blockchain, the malware will attempt to steal it.

According to the analysts, the amount of cryptocurrency stolen by the attackers amounts to about 130,000. We don’t know the exact number of victims, but the majority live in the United States, Italy, Brazil, and India.

In the unlikely event that you find Google Sheets 2.1 installed, please uninstall it immediately.