: It specifically targets browser extensions for cryptocurrency wallets like MetaMask and Coinbase.
The file typically surfaces on fraudulent websites or via phishing messages that promise free rewards, game cheats, or cracked versions of popular software. According to researchers at Trend Micro, these campaigns frequently use alluring filenames like "Hoobamon_Reward" to lower a user's guard.

The "Infection" Sequence

Hoobamon_Reward_96.zip
: It searches for sensitive documents, Keychain data, and desktop files.
: It extracts saved passwords, cookies, and credit card information from Chrome, Firefox, and Safari.