Dear customers, please pay attention: Kaspersky Lab products detected the malicious program Trojan.Win32.Razy.gen, an executable file that spreads via advertising blocks on websites and is distributed from free file-hosting services. It installs malicious browser extensions on victims’ PCs to steal cryptocurrencies and substitute the pages of cryptocurrency exchanges.
Its main tool is the script main.js, which is capable of:
- Searching for addresses of cryptocurrency wallets on websites and replacing them with the threat actor’s wallet addresses
- Spoofing images of QR codes pointing to wallets
- Modifying the web pages of cryptocurrency exchanges
- Spoofing Google and Yandex search results
The Trojan Razy ‘works’ with Google Chrome, Mozilla Firefox and Yandex Browser, though it has different infection scenarios for each browser type.
Please pay attention! This script could modify the exchange page!
These scripts display fake messages to the user about “new features” in the corresponding exchanges and offer to sell cryptocurrency at above-market rates. In other words, users are persuaded to transfer their money to the cybercriminal’s wallet under the pretext of a good deal.
Please be careful and do not install untested software. If you have discovered new suspicious functions of the exchange, we recommend that you take a screenshot and contact EXMO support at firstname.lastname@example.org.
Follow all updates on the EXMO platform in the News section of our website or via our official Telegram.
You can find useful information about cryptocurrencies and exchange trading on EXMO’s YouTube.
Thank you for staying with us!
Best regards, EXMO team