
Google's browser reported to contain a malicious plugin: will it steal users' virtual currency?

Time: 2018-05-13 21:22

Researchers with cybersecurity firm Trend Micro have uncovered a malicious extension in Google's Chrome web browser that uses a multitude of methods to steal and mine cryptocurrency from infected users.

The malware, which Trend Micro calls "FacexWorm", makes its way onto a victim's browser via social engineering tactics conducted through Facebook Messenger. A target would receive a link leading to a fake YouTube page that would prompt the user to install an extension in order to play the video. Once the extension is installed, it's programmed to hijack users' Facebook accounts and spread the link throughout their friends list.

FacexWorm appears to be a Swiss Army knife of cryptocurrency-oriented malware. According to Trend Micro, the malicious extension has various capabilities:

If an infected user tries to log into Google, MyMonero or Coinhive, FacexWorm will intercept the credentials.

When a victim tries to go to a specified set of cryptocurrency trading platforms, they get redirected to a scam site that requests a small amount of Ether, ostensibly for verification purposes.

If FacexWorm detects that a user is on a cryptocurrency transaction page, the extension replaces the wallet address entered by the user with another one from the attacker. Trend Micro says currencies targeted include bitcoin, Bitcoin Gold, Bitcoin Cash, Dash, Ethereum, Ethereum Classic, Ripple, Litecoin, Zcash and Monero.

Trying to go to certain websites will redirect a victim to a referral link that rewards the attacker.

And, of course, FacexWorm has a cryptojacking component, using the victim's processor to mine for cryptocurrency.

If an affected user appears to be trying to remove the malicious plugin, it has ways of stopping them, Trend Micro says. If a user tries opening Chrome's extension management page, the malware will simply close the tab.

FacexWorm reportedly first surfaced last year. But it appears to be adware-oriented in its first iteration and hasn't been very active until Trend Micro noticed it last month.

Trend Micro says it's only discovered one instance in which FacexWorm compromised a bitcoin transaction, according to the attacker's digital wallet address, but that there's no way to tell for sure how much the attackers have actually profited.

The attacker is persistently trying to upload more FacexWorm-infected extensions to the Chrome Web Store, the researchers say, but Google is proactively removing them. Trend Micro says Facebook, with which it has a partnership, has automated measures that detect the bad links and block their spread.
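
A defensive companion to the credential-interception behaviour described above, added here and not taken from Trend Micro's report or this article: reading a login form requires host access to that site, which an extension normally declares in its manifest, so the script below lists which installed extensions can reach such pages. The URLs, extension ids and extension names are assumptions constructed for the example.

```javascript
// Added example: audit extension manifests for access to sensitive login pages.
// Assumed URLs for the three services the article names (not from the page).
const SENSITIVE_URLS = [
  "https://accounts.google.com/signin",
  "https://mymonero.com/",
  "https://coinhive.com/account/login",
];
// Turn one Chrome match pattern (e.g. "*://*.example.com/*") into a predicate.
function matchPattern(pattern) {
  if (pattern === "<all_urls>") return (url) => /^(https?|file|ftp):/.test(url);
  const m = /^(\*|https?|file|ftp):\/\/(\*|\*\.[^/*]+|[^/*]*)(\/.*)$/.exec(pattern);
  if (!m) return () => false; // API permission name such as "tabs", or malformed
  const [, scheme, host, path] = m;
  const esc = (s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  const pathRe = new RegExp("^" + path.split("*").map(esc).join(".*") + "$");
  return (url) => {
    const u = new URL(url);
    const schemeOk = scheme === "*" ? /^https?:$/.test(u.protocol) : u.protocol === scheme + ":";
    const hostOk = host === "*" || u.hostname === host ||
      (host.startsWith("*.") && (u.hostname === host.slice(2) || u.hostname.endsWith(host.slice(1))));
    return schemeOk && hostOk && pathRe.test(u.pathname + u.search);
  };
}

// Collect every host pattern an extension declares (MV2 and MV3 layouts).
function hostPatterns(manifest) {
  const scripts = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  return [...scripts, ...(manifest.permissions || []), ...(manifest.host_permissions || [])];
}

// For each extension not on the allow-list, list the sensitive URLs it can reach.
function auditExtensions(extensions, allowList = new Set()) {
  const report = [];
  for (const { id, manifest } of extensions) {
    if (allowList.has(id)) continue;
    const preds = hostPatterns(manifest).map(matchPattern);
    const reachable = SENSITIVE_URLS.filter((url) => preds.some((p) => p(url)));
    if (reachable.length) report.push({ id, name: manifest.name, reachable });
  }
  return report;
}

// Constructed sample inventory (ids and names are made up for this example).
const SAMPLE = [
  { id: "ext-a", manifest: { name: "Video Codec Helper", permissions: ["tabs", "<all_urls>"] } },
  { id: "ext-b", manifest: { name: "Notes", host_permissions: ["https://notes.example/*"] } },
  { id: "ext-c", manifest: { name: "Mail Checker", content_scripts: [{ matches: ["*://*.google.com/*"] }] } },
];
console.log(JSON.stringify(auditExtensions(SAMPLE), null, 2));
```

The audit covers declared patterns only; access granted at runtime through optional permissions or `activeTab` is outside its scope, so a clean result narrows the review list rather than clearing an extension.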