8 Feb

Razy: Browser Malware that Steals Cryptocurrency


Malware that infects the browser can do serious damage to users. It can alter any pages, inserting ads and changing existing content. It can redirect online payments. A malicious browser extension called Razy has turned up recently, and it carries a slew of techniques for stealing cryptocurrency. It's specific to Windows, but it attacks at least three different browsers: Firefox, Chrome, and the Russian Yandex browser.

How Razy gets into the browser

Browser plugins or extensions are useful things. They let people get extra information about sites, block unwanted ads, and guard against untrusted pages. The problem comes when they aren't supposed to be there, or when they don't do what they advertise. The browser API lets them do almost anything to a page, even if it's nasty.

A secure connection to the site doesn't help. The correct, unaltered information goes from the website to the browser. A malicious extension changes the incoming data after it's received and verified.

People let Razy on their machines when they download supposedly useful software, either from actively malicious sites or from ones that don't screen their offerings well enough. The download first disables scanning of extensions on the browser, as well as automatic installation of updates. Then it installs the Razy plugin. On Firefox it's called "Firefox Protection," and on Yandex it's "Yandex Protect." It does anything but protect. On Chrome, it isn't even visible in the list of extensions.
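Because the extension may not appear in the browser's own list, an inventory read from disk is a more reliable check. The following is an added example, not code from the original article: it audits add-on records in the layout of a Firefox profile's `extensions.json` and flags the display names reported above. The sample data is constructed, and the extra signature-state check is an assumption about what a defender would also want to see.

```python
import json

# Display names the article reports for the Razy extension.
REPORTED_NAMES = {"firefox protection", "yandex protect"}

# Constructed sample in the layout of a Firefox profile's extensions.json
# (real files carry many more fields; only the ones below are read).
SAMPLE_EXTENSIONS_JSON = json.dumps({"addons": [
    {"id": "adblock@example.invalid", "type": "extension",
     "signedState": 2, "defaultLocale": {"name": "Ad Blocker"}},
    {"id": "fake-protect@example.invalid", "type": "extension",
     "signedState": 0, "defaultLocale": {"name": "Firefox  Protection"}},
    {"id": "theme@example.invalid", "type": "theme",
     "signedState": 2, "defaultLocale": {"name": "Dark"}},
    {"id": "broken@example.invalid", "type": "extension"},
]})

def normalize(name):
    """Lower-case and collapse whitespace so case or spacing tricks still match."""
    return " ".join(str(name).lower().split())

def audit_firefox_addons(extensions_json_text):
    """Return (addon_id, display_name, reasons) for each suspicious extension."""
    findings = []
    data = json.loads(extensions_json_text)
    for addon in data.get("addons", []):
        if addon.get("type") != "extension":
            continue  # themes, dictionaries etc. are out of scope here
        name = (addon.get("defaultLocale") or {}).get("name", "")
        reasons = []
        if normalize(name) in REPORTED_NAMES:
            reasons.append("name matches reported Razy extension")
        # signedState: 0 = signature missing, negative = unknown or broken,
        # positive = some form of valid signature. Absent is treated as bad.
        state = addon.get("signedState")
        if not isinstance(state, int) or state <= 0:
            reasons.append("no valid signature")
        if reasons:
            findings.append((addon.get("id", "<no id>"), name, reasons))
    return findings

if __name__ == "__main__":
    for addon_id, name, reasons in audit_firefox_addons(SAMPLE_EXTENSIONS_JSON):
        print(f"{addon_id}: {name!r}: {', '.join(reasons)}")
```

A name match alone is weak evidence, since legitimate products use similar names; treat a hit as a prompt to inspect the add-on's files and install date.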

How Razy robs users

Razy's specialty is stealing cryptocurrency, such as Bitcoin. It has a whole collection of ways to do it:

Malicious browser plugins

Browser plugins which do harmful things are nothing new. Razy just pushes their capabilities more than most do. Other types include:

Users need to be careful about the software they download. They should watch for any unexpected changes in the appearance of familiar websites. Browser malware like Razy can lead not just to inconvenience, but to serious financial loss. If you're looking to develop a better cybersecurity strategy, talk to us.
