— Series Three —
Hits: 812 Date: 2024-11-05
Researchers with cybersecurity firm Trend Micro have uncovered a malicious extension for Google's Chrome web browser that uses a multitude of methods to steal and mine cryptocurrency from infected users. The malware, which Trend Micro calls FacexWorm, makes its way onto a victim's browser via social engineering tactics conducted through Facebook Messenger. A target would receive a link leading to a fake YouTube page that prompts the user to install an extension in order to play the video. Once the extension is installed, it's programmed to hijack the user's Facebook account and spread the link throughout their friends list.

FacexWorm appears to be a Swiss Army knife of cryptocurrency-oriented malware. According to Trend Micro, the malicious extension has various capabilities: If an infected user tries to log into Google, MyMonero or Coinhive, FacexWorm will intercept the credentials. When a victim tries to go to a specified set of cryptocurrency trading platforms, they get redirected to a scam site that requests a small amount of Ether, ostensibly for verification purposes.

If FacexWorm detects that a user is on a cryptocurrency transaction page, the extension replaces the wallet address entered by the user with one belonging to the attacker. Trend Micro says currencies targeted include Bitcoin, Bitcoin Gold, Bitcoin Cash, Dash, Ethereum, Ethereum Classic, Ripple, Litecoin, Zcash and Monero. Trying to go to certain websites will redirect a victim to a referral link that rewards the attacker. And, of course, FacexWorm has a cryptojacking component, using the victim's processor to mine cryptocurrency.

If an affected user appears to be trying to remove the malicious plugin, it has ways of stopping them, Trend Micro says. If a user tries opening Chrome's extension management page, the malware will simply close the tab. FacexWorm reportedly first surfaced last year, but it appears to have been adware-oriented in its first iteration and hadn't been very active until Trend Micro noticed it last month.
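Each of the behaviours the article attributes to FacexWorm (reading credentials typed on specific sites, redirecting navigation, rewriting a wallet address on a page, closing the extension management tab) needs the extension to hold broad host access together with a few powerful Chrome permissions. The following defender-side audit script is an added example, not code from the article or from Trend Micro: it walks a Chrome profile's Extensions directory, parses every manifest.json, and flags the permission combinations that make such behaviour possible. The permission names ("tabs", "webRequest", "webRequestBlocking", "webNavigation", "<all_urls>", content_scripts/matches) are real Chrome manifest keys; the risk weighting and the two sample manifests are this script's own constructions and do not describe FacexWorm's actual manifest, which the article does not give.

```python
import json
from pathlib import Path

# Real Chrome permission names that, together with broad host access, let an
# extension observe and rewrite traffic and manipulate tabs. Which ones count
# as "risky" is this script's own heuristic, not a Chrome or Trend Micro list.
RISKY_PERMISSIONS = {"tabs", "webRequest", "webRequestBlocking", "webNavigation"}
# Match patterns that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def _host_patterns(manifest):
    """Collect host match patterns from MV2 'permissions', MV3 'host_permissions'
    and every content_scripts 'matches' list."""
    hosts = set()
    for key in ("permissions", "host_permissions"):
        for entry in manifest.get(key, []):
            if "://" in entry or entry == "<all_urls>":
                hosts.add(entry)
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    return hosts


def audit_manifest(manifest):
    """Return a list of findings (strings) for one parsed manifest; empty means
    nothing in this heuristic fired."""
    findings = []
    perms = set(manifest.get("permissions", []))
    hosts = _host_patterns(manifest)
    broad = hosts & BROAD_HOSTS
    risky = perms & RISKY_PERMISSIONS
    if broad and risky:
        findings.append(
            f"broad host access {sorted(broad)} combined with {sorted(risky)}: "
            "can observe and rewrite requests on every site (redirects, address swaps)"
        )
    if "tabs" in perms:
        findings.append(
            "'tabs' permission: can enumerate and close tabs, including the "
            "extension management page"
        )
    if broad and manifest.get("content_scripts"):
        findings.append(
            "content script injected on all sites: can read typed form values "
            "such as login credentials and wallet addresses"
        )
    return findings


def audit_all(manifests):
    """Map each manifest's name to its findings."""
    return {m.get("name", "?"): audit_manifest(m) for m in manifests}


def load_manifests(profile_dir):
    """Parse every manifest.json under <profile>/Extensions (e.g. the Chrome
    'Default' profile directory). Unreadable manifests are skipped."""
    manifests = []
    for path in Path(profile_dir, "Extensions").rglob("manifest.json"):
        try:
            manifests.append(json.loads(path.read_text(encoding="utf-8")))
        except (OSError, ValueError):
            continue
    return manifests


# Constructed sample manifests for an offline run; neither is a real extension.
SAMPLE_MANIFESTS = [
    {"name": "Benign Notes", "permissions": ["storage"], "host_permissions": []},
    {
        "name": "Suspicious Video Helper",
        "permissions": ["tabs", "webRequest", "webRequestBlocking", "<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
    },
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_MANIFESTS).items():
        print(name, "->", findings or "no findings")
```

Run it against a real profile with `audit_all(load_manifests("~/.config/google-chrome/Default"))` (path expanded first; the profile location differs per OS). A hit is a prompt to inspect the extension's scripts, not proof of malice: legitimate ad blockers and developer tools request the same permissions, which is exactly why a user-installed "video player" extension asking for them deserves a second look.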
Trend Micro says it's only discovered one instance in which FacexWorm compromised a bitcoin transaction, judging by the attacker's digital wallet address, but that there's no way to tell for sure how much the attackers have actually profited. The attacker is persistently trying to upload more FacexWorm-infected extensions to the Chrome Web Store, the researchers say, but Google is proactively removing them.

Trend Micro says Facebook, with which it has a partnership, has automated measures that detect the bad links and block their spread.