Cybernews reports that trojanized ZIP files purporting to be legitimate software, hosted in GitHub repositories promoted in Google search results, have enabled the compromise of nine web browsers, including Google Chrome, Microsoft Edge, and Brave, for the subsequent exfiltration of cryptocurrency wallets as part of the BoryptGrab attack campaign.

Suspected Russian threat actors have sought to pilfer funds from nearly three dozen cryptocurrency wallets, including Atomic, Coinomi, Dogecoin, Ethereum, Ledger Wallet, and Trezor Suite, according to Trend Micro researchers. Further analysis of the campaign revealed the distribution of a BoryptGrab variant that spread the Python-based TunnesshClient backdoor, which establishes a reverse Secure Shell tunnel under the guise of a standard system file.

"Threat actors increasingly exploit trust in legitimate developer platforms and open-source ecosystems. With dozens of repositories, shifting payloads, and numerous build names observed in the wild, the operation's scale indicates an active and ongoing threat," said researchers.