Trojan Razy Adds Rouge Browser Extension For Cryptojacking

By Kapil Gauhar

Security researchers from Kaspersky Lab have discovered one fresh Trojan horse named Razy that takes the form of browser extension while installing itself and contaminating already installed browser extensions once it manages deactivating security checks.

The Trojan Razy loads rogue extensions onto a number of Web-browsers for the theft of digital currencies, noted by security researchers.

Razy’s Activity involves searching the wallet addresses containing digital currencies as they get exhibited on the website, after which it overwrites them with its creators-controlled address. The Trojan masquerades as QR code images that establish connection with cryptocurrency wallets, while making changes to the virtual currency trading portals. Ultimately, it thrusts phony website links within the search engine hits obtained from Google or Yandex.

Apparently Razy has been developed particularly for targeting Russian users chiefly. The Trojan’s contamination of Yandex, Google Chrome, Mozilla Firefox web browsers represents its most perilous characteristic as other malware creators can replicate it.

In the meantime, Razy’s approach to various browsers is slightly varied. In this way, in case of Firefox, it makes a replica of Firefox Protection, name of the rogue extension, after that it edits a number of configuration files of end-user profiles so it’s able to penetrate the browser devoid of obtaining end-users’ confirmation.

For Google Chrome, Razy makes some serious changes to existing extensions rather than planting itself like one.

The security researchers wrote that they observed examples in which various Chrome extensions got contaminated.

A particular extension required special mention viz., Chrome Media Router which was part of the facility having identical moniker inside the web-browsers associated to Chromium. That extension existed on all the systems which had Google’s Chrome loaded, albeit it was not depicted inside the loaded extensions’ list, indicated by the researchers.

Apart from stealing digital currencies, Razy thrusts malicious ads and videos into the different online websites, also, it issues security alerts and errors resulting in phishing websites.

Furthermore, Razy masquerades as donation requirements exhibited on Wikipedia websites, while exhibiting phony promises for tokens through the Telegram site.

Razy’s threat can be handled with Artificial Intelligence incorporated inside the malware defense programs of organizations. It’s further recommended that companies use blockchain and associated sophisticated methodologies for protecting from cryptocurrency thefts.