Malicious Extension Found in Google Chrome Browser
2021-01-09 [9224]
Summary: Researchers with cybersecurity firm Trend Micro have uncovered a malicious extension in Google's Chrome web browser that uses a multitude of methods to steal and mine cryptocurrency from infected users.

Researchers with cybersecurity firm Trend Micro have uncovered a malicious extension in Google's Chrome web browser that uses a multitude of methods to steal and mine cryptocurrency from infected users.

The malware, which Trend Micro calls FacexWorm, makes its way onto a victim's browser via social engineering tactics conducted through Facebook Messenger.

A target would receive a link leading to a fake YouTube page that would prompt the user to install an extension in order to play the video. Once the extension is installed, it's programmed to hijack users' Facebook accounts and spread the link throughout their friends list.

FacexWorm appears to be a Swiss Army knife of cryptocurrency-oriented malware. According to Trend Micro, the malicious extension has various capabilities:

If an infected user tries to log into Google, MyMonero or Coinhive, FacexWorm will intercept the credentials.


When a victim tries to go to a specified set of cryptocurrency trading platforms, they get redirected to a scam site that requests a small amount of Ether, ostensibly for verification purposes.

If FacexWorm detects that a user is on a cryptocurrency transaction page, the extension replaces the wallet address entered by the user with another one from the attacker. Trend Micro says currencies targeted include bitcoin, Bitcoin Gold, Bitcoin Cash, Dash, Ethereum, Ethereum Classic, Ripple, Litecoin, Zcash and Monero.


Trying to go to certain websites will redirect a victim to a referral link that rewards the attacker.

And, of course, FacexWorm has a cryptojacking component, using the victim's processor to mine for cryptocurrency.

If an affected user appears to be trying to remove the malicious plugin, it has ways of stopping them, Trend Micro says. If a user tries opening Chrome's extension management page, the malware will simply close the tab.

FacexWorm reportedly first surfaced last year. But it appears to be adware-oriented in its first iteration and hasn't been very active until Trend Micro noticed it last month.

Trend Micro says it's only discovered one instance in which FacexWorm compromised a bitcoin transaction, according to the attacker's digital wallet address, but that there's no way to tell for sure how much the attackers have actually profited.

The attacker is persistently trying to upload more FacexWorm-infected extensions to the Chrome Web Store, the researchers say, but Google is proactively removing them.

Trend Micro says Facebook, with which it has a partnership, has automated measures that detect the bad links and block their spread.

