This Trojan infects Chrome browser extensions, spoofs searches to steal cryptocurrency
Researchers with Kaspersky Lab have uncovered a Trojan that is designed to compromise systems by somewhat unorthodox means in order to steal cryptocurrency. The Trojan, dubbed Razy, is distributed through malicious web-based adds (malvertising) as well as file hosting services.
The Trojan can install new browser extensions on Google Chrome, Mozilla Firefox, Yandex and other browsers, which is behavior that has been spotted before. However, Razy can also compromise existing extensions and it is capable of altering search results on Google and Yandex. The main goal of the Trojan is to get access to user’s cryptocurrency wallets in order to steal the contents.