An Ethereum wallet known as “Shitcoin Wallet” is reportedly injecting malicious JavaScript code into open browser windows to steal data from its users. On December 30, cryptocurrency news featured a warning from cybersecurity and phishing expert Harry Denley, who alerted users to the potential breach in a tweet, where he wrote:
⚠️ A browser crypto wallet is injecting malicious JS to steal secrets from @myetherwallet @idexio @binance @neotrackerio @SwitcheoNetwork
Extension-native wallet create also sends secrets to their backend!
Bad guys: erc20wallet[.]tk
ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn
— harrydenley.eth ◊ (@sniko_), December 31, 2019
According to the tweet, the Shitcoin Wallet extension for the Chrome browser targets Binance, MyEtherWallet and other popular websites in order to steal users’ passwords and private keys to cryptocurrency.
The Shitcoin Wallet Chrome extension (ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn) works by downloading a number of JavaScript files from a remote server. The code then runs in open browser windows containing webpages of exchanges and Ethereum network tools.
The code also tries to scrape data entered into those windows. Although it is not a Bitcoin scam, it is an ETH-related scam that sends the information to a remote server identified as “erc20wallet.tk”. The .tk suffix is the top-level domain belonging to Tokelau, a group of South Pacific islands that are part of New Zealand’s territory.
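One way a defender could check installed extensions against the indicators in the tweet, shown as an added example that is not code from the article, from Harry Denley or from the extension itself. The two watched hostnames, the finding labels and the sample manifests are assumptions constructed for illustration; only the extension ID and the domain come from the page.

```javascript
// Indicators taken from the tweet quoted on this page.
const BAD_EXTENSION_ID = "ckkgmccefffnbbalkmbbgebbojjogffn";
const BAD_DOMAIN = "erc20wallet.tk"; // refanged from erc20wallet[.]tk
// Assumption: hostnames for two of the sites named in the tweet.
const WATCHED_HOSTS = ["www.myetherwallet.com", "www.binance.com"];

// Does a Chrome match pattern (scheme://host/path or <all_urls>) cover this host?
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  if (!m) return false;
  const h = m[2].toLowerCase();
  if (h === "*") return true;
  // "*.example.com" covers example.com and any subdomain, but not "evilexample.com".
  if (h.startsWith("*.")) return host === h.slice(2) || host.endsWith(h.slice(1));
  return host === h;
}

// Collect every match pattern an extension requests (manifest v2 and v3 fields).
function requestedPatterns(manifest) {
  const fromScripts = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  const fromPerms = [...(manifest.permissions || []), ...(manifest.host_permissions || [])]
    .filter((p) => p === "<all_urls>" || p.includes("://"));
  return [...fromScripts, ...fromPerms];
}

// Return a list of findings for one installed extension.
// fileTexts: contents of the extension's script files, already read into strings.
function auditExtension(id, manifest, fileTexts) {
  const findings = [];
  if (id === BAD_EXTENSION_ID) findings.push("known-bad-extension-id");
  if (fileTexts.some((t) => t.toLowerCase().includes(BAD_DOMAIN))) findings.push("references-bad-domain");
  const patterns = requestedPatterns(manifest);
  const reached = WATCHED_HOSTS.filter((h) => patterns.some((p) => patternCoversHost(p, h)));
  if (reached.length) findings.push("can-run-on:" + reached.join(","));
  return findings;
}

// Constructed sample data (not the real extension's manifest or code).
const sampleManifest = { manifest_version: 2, permissions: ["storage", "<all_urls>"],
  content_scripts: [{ matches: ["*://*.myetherwallet.com/*"], js: ["inject.js"] }] };
const sampleFiles = ['const backend = "https://erc20wallet.tk/";'];
const benignManifest = { manifest_version: 3, permissions: ["storage"],
  host_permissions: ["https://example.org/*"] };

console.log(auditExtension(BAD_EXTENSION_ID, sampleManifest, sampleFiles));
console.log(auditExtension("a".repeat(32), benignManifest, ["console.log('hi')"]));
```

In a real audit the manifest and script contents would be read from each extension's folder in the browser profile; a hit on the host check alone only shows that an extension is able to run on those sites, not that it is malicious.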
It is clear now that hackers are trying to exploit the malicious JavaScript Chrome extension. Shitcoin Wallet stealing user data may sound similar to many recent incidents, such as Apple threatening to delist Coinbase’s mobile dApp from its App Store and Google removing the Ethereum wallet app MetaMask from its Google Play store (which occurred last week). Both of these incidents have been subject to a considerable amount of controversy.
Even though the name alone should be a dead giveaway that it is better to stay away, the Shitcoin Wallet definitely contains some suspicious added features. A company blog post claims that the wallet has more than 2,000 users and describes it as a web-based wallet with several extensions for different browsers.
“It is a web wallet which has several extensions for different browsers, which I will discuss further in the article,” it reads.
However, the reality is that this is a malicious JavaScript Chrome extension which leaves users vulnerable to having their data scraped and their personal information compromised.