Google Removed 49 Fake Chrome Browser Extensions Targeting Crypto Wallets


Google has recently removed dozens of fake Chrome extensions from the Chrome store. These extensions were malicious since they targeted crypto wallets to steal keys.

Fake Chrome Browser Extensions

According to ZDNet, Harry Denley of MyCrypto observed numerous browser extensions with malicious behavior on the Chrome Store. As per his findings, these fake Chrome extensions stole keys from crypto wallets.

Sharing the details in a post, Denley explained that he found 49 different Chrome extensions using malicious impersonation. They targeted the crypto wallets Ledger, Trezor, Electrum, Jaxx, KeepKey, Exodus, MyEtherWallet, and MetaMask. Among these, Ledger emerged as the most-targeted crypto wallet.

Regarding how the extensions worked, researchers stated,

The extensions are phishing for secrets — mnemonic phrases, private keys, and keystore files. Once the user has entered them, the extension sends an HTTP POST request to its backend, where the bad actors receive the secrets and empty the accounts.

The following video demonstrates how an extension targeted MyEtherWallet.

The researcher observed that the attack would not begin right away. Rather, the attacker behind the extensions tended to wait. After pilfering the details, the attackers would start withdrawing funds from the victim's wallets after the user had uninstalled the extension out of frustration.

Google Removed Malicious Extensions

Upon discovering these malicious extensions, the researchers collaborated with Google. Following the reports, Google removed the extensions within 24 hours.

However, the purportedly Russian attacker behind this campaign remains at large. Thus, the threat of such malicious extensions re-emerging on the Web Store still exists.

Most crypto wallets targeted in this campaign have previously made it to the news for various cybersecurity incidents. Thus, the present attack continues the trail of crypto scams, reiterating the need for wariness while dealing with cryptocurrency.

Researchers advise users to use a separate browser for cryptocurrency data to limit the attack surface. They also recommend that users review the permissions requested by each extension and remove any extension that asks for unnecessary permissions.
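One way to carry out the permission review recommended above, as an added example that is not from the original article or the researchers: a Python sketch that reads each installed extension's manifest.json and flags site-wide host access and wallet brand names. The helper names, the set of broad match patterns, and the `<id>/<version>/manifest.json` folder layout under a Chrome profile's Extensions directory are assumptions of this example.

```python
import json
from pathlib import Path

# Wallet brands the article lists as impersonation targets.
WALLET_BRANDS = ("ledger", "trezor", "electrum", "jaxx", "keepkey",
                 "exodus", "myetherwallet", "metamask")
# Match patterns that grant access to every site (assumed review threshold).
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return review findings for one parsed manifest.json (hypothetical helper)."""
    # Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
    requested = list(manifest.get("permissions", []))
    requested += manifest.get("host_permissions", [])
    for script in manifest.get("content_scripts", []):
        requested += script.get("matches", [])
    findings = []
    broad = sorted({p for p in requested if isinstance(p, str) and p in BROAD_HOSTS})
    if broad:
        findings.append("broad host access: " + ", ".join(broad))
    # Localized names ("__MSG_...__") are not resolved here and will not match.
    name = str(manifest.get("name", "")).lower()
    brands = [b for b in WALLET_BRANDS if b in name]
    if brands:
        # Only a cue to verify the publisher: genuine wallet extensions match too.
        findings.append("wallet brand in name: " + ", ".join(brands))
    return findings

def audit_extensions(extensions_dir):
    """Audit each <id>/<version>/manifest.json under a profile's Extensions folder."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        findings = audit_manifest(manifest)
        if findings:
            report[path.parent.parent.name] = findings
    return report

# Constructed sample manifest, not taken from any real extension.
SAMPLE = {"manifest_version": 2, "name": "Example Ledger Helper",
          "permissions": ["storage", "<all_urls>"],
          "content_scripts": [{"matches": ["https://*/*"], "js": ["content.js"]}]}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

A finding is a prompt to check the extension's publisher and whether it needs that access, not proof that the extension is malicious.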

Let us know your thoughts in the comments.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
