This Chrome Extension Steals Crypto and Passwords

Browser extensions make surfing the web better. They add useful features missing from the original browser, and allow you to customize your internet experience to fit your needs. However, they aren’t without risk, as we saw this week.

The extension in question is “Google Sheets 2.1,” at least that was its name at the time of identification. Back in May, the extension was named “Update Manager,” according to security researcher Colin Cowie. Whether victims downloaded the extension thinking it was a Google Sheets productivity tool, or an add-on to help with updates, the end result was the same: Malware named “VenomSoftX.”

VenomSoftX, which has plagued the internet since 2020, wants two things from its victims: Cryptocurrency and clipboard content, with a goal of grabbing your passwords. According to cybersecurity software company Avast, the extension has earned developers roughly $130,000. Avast has reportedly stopped 93,000 infection attempts against customers.

VenomSoftX steals its cryptocurrency by diverting transactions.

How to identify if you installed VenomSoftX malware on Chrome

This extension currently appears as Google Sheets 2.1. If you open your Chrome Extensions page and see this extension listed, remove it immediately.

Photo by Michael Geiger on Unsplash