Satacom is trying to steal bitcoin from nearly 30,000 internet users and Brazil leads the ranking

The number of browser extensions that try to steal bitcoin and other cryptocurrencies keeps growing, and Satacom is the latest one identified. Notably, Brazilians are the main target of the attack.

The recent cryptocurrency theft campaign is linked to the Satacom downloader, a well-known malware family that has been active since 2019 and is mainly distributed through fake advertisements inserted into legitimate websites.

Malicious ads redirect victims to fake file-sharing services and other malicious pages that offer to download a file using the Satacom downloader.

In the case of this new campaign, the downloaded file is the malicious extension installed on Chrome, Brave, and Opera browsers.

Satacom tries to steal bitcoin from victims and Brazil records victims

The campaign's main target is victims' bitcoin (BTC), which is stolen through code injection into the web pages of legitimate cryptocurrency exchanges. The injection gives the attackers all the data needed to carry out the theft, including authentication tokens.

Experts also claim that the malware can be easily modified to target other cryptocurrencies.

According to Kaspersky telemetry, the largest number of internet users affected by the recent campaign are in Brazil, Mexico, Algeria, Turkey, India, Vietnam and Indonesia.

Ranking of countries with the highest number of affected internet users between April and May 2023 / Disclosure.

In-browser manipulation occurs only on the targeted cryptocurrency sites. The campaign currently targets customers of Coinbase, Bybit, Kucoin, Huobi, and Binance.

In addition to stealing cryptocurrency, the extension also works to hide the fraud. Its actions include hiding confirmation messages for all transactions and modifying existing messages through fake histories that closely resemble official communications.
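A defender-side check for the behaviour described above, as an added example that is not from the article or from Kaspersky: it lists which extensions found under a directory are allowed to run scripts on the exchanges named here. The domain list and the directory you point it at (for example a browser profile's extensions folder) are assumptions.

```python
import json
from pathlib import Path

# Assumption: primary domains of the exchanges named in the article.
EXCHANGE_DOMAINS = ["coinbase.com", "bybit.com", "kucoin.com", "huobi.com", "binance.com"]

def pattern_host(pattern):
    """Host part of a Chromium match pattern; '*' for catch-alls, '' if none."""
    if pattern == "<all_urls>":
        return "*"
    _, sep, rest = pattern.partition("://")
    return rest.split("/", 1)[0].lower() if sep else ""

def covers(pattern, domain):
    """True if the match pattern can apply to the domain or one of its subdomains."""
    host = pattern_host(pattern)
    if host in ("", "*"):
        return host == "*"
    wildcard = host.startswith("*.")
    base = host[2:] if wildcard else host
    if base == domain or base.endswith("." + domain):
        return True
    return wildcard and domain.endswith("." + base)  # e.g. *://*.com/*

def exchange_reach(manifest):
    """Exchange domains whose pages this extension is allowed to script."""
    patterns = [m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
    # Host permissions (MV3) and URL-like permissions (MV2) allow injection as well.
    patterns += manifest.get("host_permissions", [])
    patterns += [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    return sorted(d for d in EXCHANGE_DOMAINS if any(covers(p, d) for p in patterns))

def scan_extensions(root):
    """Map each extension directory under root to the exchange domains it reaches."""
    findings = {}
    for mf in Path(root).rglob("manifest.json"):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash the audit
        hits = exchange_reach(manifest) if isinstance(manifest, dict) else []
        if hits:
            findings[mf.parent.relative_to(root).as_posix()] = hits
    return findings

if __name__ == "__main__":
    import sys
    for ext, domains in scan_extensions(sys.argv[1]).items():
        print(f"{ext}: can script {', '.join(domains)}")
```

A hit is a lead for review rather than a verdict, since many legitimate extensions request `<all_urls>`.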

Fake Binance website attempting to steal from cryptocurrency investors / Disclosure.

Brazilians must learn that there is no such thing as a free lunch, an expert warns

According to Fabio Assolini, director of Kaspersky’s Global Research and Analysis Team for Latin America, the fact that Brazilians top the list of victims shows that many have not yet learned that there is no such thing as a free lunch.

“It seems that Brazilians do not want to learn that there is no such thing as a ‘free’ lunch, as piracy remains an effective way to infect the devices of victims in the country. The first position in the list of most affected countries proves that. As for the technical aspects of the scam, it is worth noting that the infection via a malicious extension can affect any platform, be it Windows, Linux or macOS. In addition to good security, it also pays to constantly check online accounts to make sure everything is in order.”

Details of the malicious campaign are available on the Securelist website, which can help investors understand the fraud and protect themselves.

Source: Live Coins
