ChainCatcher news, cryptography researcher @LehmannLorenz stated on the X platform that his computer was nearly compromised, and just one click could install a malicious extension. The developers behind the extension were unverified, yet it garnered 1.7 million downloads within a day of release (more than any other extension) and a perfect 5/5 star rating. After downloading the malicious extension and extracting its contents, everything appeared normal - except for the obfuscated "extension.js" file that ran during installation. Log files indicated that the script ultimately encountered an error, relying on PowerShell execution, running entirely in memory without leaving any traces on the disk.In response, Slow Mist's Yu Xian stated that this is a supply chain net attack targeting Solidity smart contract developers. The editor environment is a high-risk area for supply chain attacks. They have always tried to isolate what they can, avoid installations whenever possible, and ensure the "just enough" principle. Anything flashy is thrown onto a separate computer or virtual machine.

ChainCatcher news, the Google Chrome browser recently discovered a malicious extension named "VenomSoftX" that can be used to steal users' cryptocurrency and sensitive data. This extension is installed through the Windows version of ViperSoftX malware, which is a JavaScript-based RAT (Remote Access Trojan) and cryptocurrency hijacker.Security company Avast found that, by analyzing the hardcoded wallet addresses in the samples of ViperSoftX and VenomSoftX, as of November 8, the two have collectively earned hackers approximately $130,000. This stolen cryptocurrency was obtained through the transfer of cryptocurrency transactions attempted on the attacked devices, excluding profits from parallel activities. (IT Home)