The number of browser extensions trying to steal bitcoin and other cryptocurrencies is growing, and Satacom is the latest to be identified. Notably, Brazilians are the main target of the attack.
The recent cryptocurrency theft campaign is linked to the Satacom downloader, a well-known malware family that has been active since 2019 and is mainly distributed through fake advertisements inserted into legitimate websites.
Malicious ads redirect victims to fake file-sharing services and other malicious pages that offer to download a file using the Satacom downloader.
In this new campaign, the downloaded file is a malicious extension that is installed on the Chrome, Brave, and Opera browsers.
Satacom tries to steal bitcoin from victims and Brazil records victims
The main target of the campaign is victims' bitcoins (BTC), which are stolen using a code injection technique on the web pages of legitimate cryptocurrency exchanges. The injected code obtains all the data needed to carry out the financial theft, including authentication tokens.
Experts also claim that the malware can be easily modified to target other cryptocurrencies.
According to Kaspersky telemetry, the largest number of internet users affected by the recent campaign are in Brazil, Mexico, Algeria, Turkey, India, Vietnam and Indonesia.
In-browser manipulation occurs only on the targeted cryptocurrency sites; the campaign currently targets customers of Coinbase, Bybit, Kucoin, Huobi, and Binance.
In addition to stealing cryptocurrency, the extension also acts to hide the fraud. Its actions include hiding confirmation messages for all transactions and modifying existing messages through fake histories, which closely resemble official communications.
Brazilians must learn that there is no such thing as a free lunch, an expert warns
According to Fabio Assolini, director of Kaspersky's Global Research and Analysis Team for Latin America, having Brazilians at the top of the list of victims shows that many have not yet learned that there is no such thing as a free lunch.
“It seems that Brazilians do not want to learn that there is no such thing as a ‘free’ lunch, as piracy remains an effective way to infect the devices of victims in the country. The first position in the list of most affected countries proves that. As for the technical aspects of the scam, it is worth noting that the infection via a malicious extension can affect any platform, be it Windows, Linux or macOS. In addition to good security, it also pays to constantly check online accounts to make sure everything is in order.”
Details of the malicious campaign are available on the Securelist website, which can help investors understand the fraud and protect themselves.
Source: Live Coins
Barry Siefert is an accomplished journalist and author at The Nation View.