
CopperStealer Distributes Malicious Chromium-based Browser Extension to Steal Cryptocurrencies

Trend Micro has published analyses of CopperStealer distributing malware by abusing various components, such as a browser stealer, an adware browser extension, or remote desktop. Tracking the cybercriminal group's latest activities, Trend Micro found a malicious browser extension capable of creating and stealing API keys from infected machines when the victim is logged in to a major cryptocurrency exchange website. These API keys allow the extension to perform transactions and send cryptocurrencies from victims' wallets to the attackers' wallets.




MALWARE FAMILIES: TrojanSpy, Coinbase API


ATT&CK IDS: T1027 - Obfuscated Files or Information, T1098 - Account Manipulation, T1104 - Multi-Stage Channels, T1106 - Native API, T1176 - Browser Extensions, T1568 - Dynamic Resolution, T1573 - Encrypted Channel, T1111 - Two-Factor Authentication Interception

