According to Manoharan Ramachandra, a research candidate at Bournemouth University, the probability of cryptocurrency being stolen depends on where a user keeps it.
Ramachandra said, “Cryptocurrencies are values that are stored in blockchain under different addresses. One can exchange these values between different addresses using the private key of each address.”
He further said, “If an address and private key are stored somewhere, it is called a wallet. If you have a private wallet where you can control your private key, then you are solely responsible for your cryptos. If you lose your private key, you will lose your money forever.”
In this case, the malicious program searches websites for cryptocurrency wallet addresses and replaces them with the threat actor’s wallet addresses. So far, researchers have found that the malicious program, Trojan.Win32.Razy.gen, “works” on Google Chrome, Mozilla Firefox and Yandex Browser.
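The address swap described above can be checked from the defender's side by comparing the wallet addresses in the HTML a site served (fetched from a clean machine) with the text the suspect browser rendered. This is an added example, not code from the research report or the article; the function names, address patterns and sample addresses are assumptions constructed for illustration.

```javascript
// Added example: compare wallet addresses in served HTML vs. rendered page text.
// The patterns are format checks only (assumed coverage: Bitcoin legacy,
// Bitcoin bech32, Ethereum); they do not validate checksums.
const WALLET_PATTERNS = [
  /\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b/g, // Bitcoin legacy (Base58)
  /\bbc1[02-9ac-hj-np-z]{11,71}\b/g,      // Bitcoin bech32
  /\b0x[0-9a-fA-F]{40}\b/g,               // Ethereum
];

// Collect every distinct address-shaped string in a piece of text.
function extractWallets(text) {
  const found = new Set();
  for (const re of WALLET_PATTERNS) {
    for (const m of text.matchAll(re)) found.add(m[0]);
  }
  return found;
}

// servedHtml: page source fetched outside the suspect browser.
// renderedText: what the suspect browser shows (e.g. document.body.innerText).
function diffWallets(servedHtml, renderedText) {
  const served = extractWallets(servedHtml);
  const rendered = extractWallets(renderedText);
  const injected = [...rendered].filter((a) => !served.has(a)).sort();
  const missing = [...served].filter((a) => !rendered.has(a)).sort();
  let verdict = "clean";
  if (injected.length > 0 && missing.length > 0) verdict = "replaced";
  else if (injected.length > 0) verdict = "added"; // may be legitimate dynamic content
  return { injected, missing, verdict };
}

// Constructed sample data: neither address belongs to a real wallet.
const SITE_ADDR = "0x" + "1".repeat(40);
const SWAPPED_ADDR = "0x" + "2".repeat(40);
const servedHtml = `<p>Send deposits to <code>${SITE_ADDR}</code></p>`;
const renderedText = `Send deposits to ${SWAPPED_ADDR}`;

console.log(diffWallets(servedHtml, renderedText));
```

A "replaced" verdict means a served address vanished and a different one appeared in its place, which is the pattern a client-side address swap produces.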
In Firefox, Razy installs an extension called ‘Firefox Protection’. In Yandex Browser, it edits a file to disable the browser's security check and creates a registry key to disable browser updates. It then installs a malicious extension called ‘Yandex Protect’. Similarly, in Google Chrome, it edits files, disables the security check and infects an existing extension.
The research report said, “Main.js (a script in the Razy program) also spoofs Google and Yandex search results. Fake search results are added to pages if the search request is connected with cryptocurrencies and cryptocurrency exchanges, or just music downloading or torrents. This is the way that users are enticed to visit infected websites or legitimate websites laced with scam/fake messages which would usually tell the user about ‘new features’.”
According to the Kaspersky report, Razy scripts show the user false messages about “new features” in exchanges and offer to sell cryptocurrency at higher-than-market rates. In other words, users are persuaded, under the pretext of a good deal, to transfer money to a cybercriminal's wallet.