A new malware campaign uses a tool called the Satacom downloader to steal cryptocurrency by means of a rogue extension for Chromium-based browsers.
The main purpose of the malware is to steal BTC from the victim’s account by performing web injections into targeted cryptocurrency websites, Kaspersky researchers Haim Zigel and Oleg Kupreev say.
Infection chains involving the malware begin when users are redirected to bogus websites that host ZIP archive files containing the malware.
Various types of websites are used to spread the malware, the researchers explained.
Satacom downloader, also known as Legion Loader, first emerged in 2019 as a dropper for next-stage payloads, including information stealers and cryptocurrency miners.