Malware & Ransomware · HIGH

Torg Grabber - New Infostealer Targets 728 Crypto Wallets

BleepingComputer
Tags: Torg Grabber, crypto wallets, infostealer, Gen Digital, malware

In short: Torg Grabber is a new infostealer that harvests data from hundreds of cryptocurrency wallet browser extensions, along with browser credentials, cookies and password-manager data.

Quick Summary

Torg Grabber is an infostealer that harvests data from the browser extensions of more than 700 cryptocurrency wallets, as well as saved browser credentials, cookies and password-manager data. Anyone who keeps crypto in a browser-extension wallet is exposed.

What Happened

A new infostealer named Torg Grabber has emerged, targeting data held by 850 browser extensions, 728 of which are cryptocurrency wallets. Initial access is through ClickFix, a social-engineering technique in which a fake verification or error page copies a malicious PowerShell command to the victim's clipboard and instructs them to paste and run it themselves, typically via the Windows Run dialog. No exploit is involved: the user launches the loader, so the execution looks user-initiated to most controls. Researchers at Gen Digital report that Torg Grabber is under active development, with 334 unique samples compiled in just three months.

Its command-and-control has also changed. Early samples exfiltrated data over Telegram; this was replaced with an HTTPS channel routed through Cloudflare infrastructure, which supports chunked uploads of stolen data and delivery of additional payloads. Because the traffic terminates at Cloudflare, it blends in with legitimate Cloudflare-fronted sites and is hard to block by destination alone.

Who's Being Targeted

Torg Grabber is most dangerous to cryptocurrency users. It targets 25 Chromium-based browsers and 8 Firefox-based browsers, stealing saved credentials, cookies and autofill data, and its wallet list includes MetaMask, TrustWallet and Coinbase. Beyond wallets, it reaches 103 password managers and applications such as Discord, Telegram and Steam.

With that many extensions on the list, few users will know whether their particular wallet is covered; anyone who holds funds in a browser-extension wallet should assume it is. The breadth of application coverage also means one infection can expose session cookies and credentials well beyond crypto.

Signs of Infection

Torg Grabber leaves few obvious symptoms. On a compromised host it builds a hardware fingerprint, takes screenshots, inventories installed software (including antivirus products, which is reconnaissance that supports later evasion) and can execute shellcode. The clearest indicator is the lure itself: if you recently followed on-screen instructions to paste a command into the Windows Run dialog or a terminal, treat the machine as compromised. Downstream signs include unexpected transactions from a wallet, sessions you did not start, or password-manager logins from unfamiliar locations.
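As an added example, not code from the BleepingComputer article or from Gen Digital, the PowerShell script below does first-pass triage for the ClickFix delivery described above and the extension targeting described under "Who's Being Targeted". It reads the Run dialog history (the RunMRU registry key), the PSReadLine console history, and the extension directories of Chromium-based browsers in their default per-user locations, and flags pasted commands that look like a loader. The keyword list is an assumption to tune for your environment; run it as the user who may have been phished.

```powershell
# Added triage example (not from the article or from Gen Digital's research).
# Assumptions: the keyword list below, and browsers installed in their default
# per-user locations. Absence of findings does not prove the host is clean:
# an attacker can clear RunMRU and the history file.

# Keywords typical of pasted ClickFix one-liners (assumption: tune for your estate).
$SuspectKeywords = @(
    'powershell', 'pwsh', 'mshta', 'curl', 'iwr', 'invoke-webrequest',
    'iex', 'invoke-expression', 'frombase64string', '-enc', 'bitsadmin', 'certutil'
)

function Test-SuspectCommand {
    param([string]$Command)
    foreach ($k in $SuspectKeywords) {
        if ($Command -match [regex]::Escape($k)) { return $true }
    }
    return $false
}

function Get-RunMruEntries {
    # The Win+R dialog persists its history under RunMRU as values named a, b, c, ...;
    # each value is the typed command followed by a trailing "\1".
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'
    if (-not (Test-Path $key)) { return @() }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -match '^[a-z]$' } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'RunMRU'; Command = ($_.Value -replace '\\1$', '') }
        }
}

function Get-PSReadLineHistory {
    # PSReadLine keeps every interactive PowerShell line here, even after the window closes.
    $path = Join-Path $env:APPDATA 'Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt'
    if (-not (Test-Path $path)) { return @() }
    Get-Content -Path $path | ForEach-Object {
        [pscustomobject]@{ Source = 'PSReadLine'; Command = $_ }
    }
}

function Get-ChromiumExtensions {
    # Chromium-based browsers store each extension under
    # <User Data>\<profile>\Extensions\<extension id>\<version>\manifest.json.
    $browsers = @{
        Chrome = "$env:LOCALAPPDATA\Google\Chrome\User Data"
        Edge   = "$env:LOCALAPPDATA\Microsoft\Edge\User Data"
        Brave  = "$env:LOCALAPPDATA\BraveSoftware\Brave-Browser\User Data"
    }
    foreach ($name in $browsers.Keys) {
        $root = $browsers[$name]
        if (-not (Test-Path $root)) { continue }
        foreach ($profile in Get-ChildItem -Path $root -Directory) {
            $extDir = Join-Path $profile.FullName 'Extensions'
            if (-not (Test-Path $extDir)) { continue }
            foreach ($ext in Get-ChildItem -Path $extDir -Directory) {
                $manifest = Get-ChildItem -Path $ext.FullName -Recurse -Filter 'manifest.json' -ErrorAction SilentlyContinue |
                            Select-Object -First 1
                if (-not $manifest) { continue }
                $json = Get-Content -Path $manifest.FullName -Raw | ConvertFrom-Json
                # Names are often localisation placeholders such as __MSG_appName__;
                # the directory name (the extension ID) is the stable identifier.
                [pscustomobject]@{
                    Browser = $name; Profile = $profile.Name; Id = $ext.Name; Name = $json.name
                }
            }
        }
    }
}

# 1. Commands that were pasted into Run or a PowerShell prompt and look like a loader.
$suspicious = @(Get-RunMruEntries) + @(Get-PSReadLineHistory) |
    Where-Object { Test-SuspectCommand -Command $_.Command }

if ($suspicious) {
    Write-Host 'Possible ClickFix-style commands found:' -ForegroundColor Yellow
    $suspicious | Format-Table -AutoSize -Wrap
} else {
    Write-Host 'No suspect Run/PowerShell history entries (this does not prove the host is clean).'
}

# 2. Extensions present in Chromium profiles: wallet and password-manager entries
#    here are the stores whose data the malware would have read.
Get-ChromiumExtensions | Sort-Object Browser, Profile, Id | Format-Table -AutoSize
```

A hit in the first table is strong evidence the lure was executed; the second table tells you which wallet and password-manager extensions on the machine should be treated as exposed, since the page notes the stealer's list is keyed to extensions rather than to specific wallet brands. Firefox profiles keep extensions as `.xpi` files under `%APPDATA%\Mozilla\Firefox\Profiles\<profile>\extensions` and are not covered by this script.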

How to Protect Yourself

To safeguard against Torg Grabber, users should take proactive measures:

  • Never paste a command you did not write into the Run dialog or a terminal, whatever the page asking you to do so claims; this, not a software vulnerability, is how ClickFix gets in.
  • Keep browsers, extensions and the operating system updated, and review the extensions installed in each browser profile.
  • Use multi-factor authentication on exchanges and other sensitive accounts, but remember that stolen session cookies bypass it: if you suspect infection, sign out of all sessions and rotate passwords from a clean device.
  • If a wallet extension's data may have been stolen, assume the seed phrase is exposed and move funds to a wallet created on a clean machine.
  • Monitor your accounts for unauthorized transactions or changes.

Staying informed and vigilant is key to protecting your digital assets from evolving threats like Torg Grabber.

🔒 Pro insight: Torg Grabber's pace of development (hundreds of samples in a quarter) and the breadth of its targeting show infostealer authors treating browser-extension wallets as first-class targets; the ClickFix entry point is a reminder that a command the user runs themselves, not an exploit, remains the cheapest way in.

Original article: BleepingComputer · Bill Toulas


Related Pings

HIGH · Malware & Ransomware

Ransomware - US Healthcare Provider Hit by Iranian Gang

A U.S. healthcare provider has been targeted by the Iranian ransomware gang Pay2Key. This attack underscores the growing risk to critical infrastructure. Organizations must enhance their cybersecurity measures to combat such threats.

SC Media

HIGH · Malware & Ransomware

Malware - Open Directory Campaign Uses Obfuscated VBS Files

A new malware campaign is using obfuscated VBS files and PNG loaders to deploy RATs. Organizations are at risk as this sophisticated attack reveals a complex multi-stage operation. Immediate protective measures are crucial to safeguard systems from these threats.

Cyber Security News

HIGH · Malware & Ransomware

Malware - Trojanized ConnectWise ScreenConnect Attack Uncovered

A new tax-themed malvertising campaign is spreading trojanized ConnectWise ScreenConnect installers. Unsuspecting users searching for tax documents are at risk. Stay vigilant and protect your devices from these sophisticated attacks.

SC Media

HIGH · Malware & Ransomware

Malware - Illicit npm Packages Spread Covert Infections

Illicit npm packages are using fake install logs to spread malware. Developers are at risk of losing sensitive data and cryptocurrency. Stay vigilant and verify package sources!

SC Media

HIGH · Malware & Ransomware

Malware - Student Arrested in ClayRat Spyware Scheme

A student has been arrested for running the ClayRat spyware operation targeting Android users. This malware's rapid growth and collapse reveal significant security flaws. Stay informed to protect your devices from similar threats.

SC Media

HIGH · Malware & Ransomware

VoidLink - Analyzing a Sophisticated Linux Rootkit Framework

Elastic Security Labs has analyzed VoidLink, a complex Linux rootkit framework. This malware uses advanced techniques to evade detection and maintain persistence. Organizations using Linux systems should be aware of the risks and take action to protect their environments.

Elastic Security Labs