Google has removed 49 malicious chrome extensions from its Web Store that were stealing crucial crypto wallet information from its users.
Detailed in a Medium post by Harry Denley, director of security at MyCrypto, the browser extensions were impersonating various well-known cryptocurrency web wallets and applications, including Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey.
These extensions were stealing crypto wallet private keys, mnemonic phrases, and other raw secrets, Denley first found revealed and reported to the search engine giant.
“Some of the extensions have had a network of fake users rate the app with 5 stars and give positive feedback on the extension to entice a user to download it,” Denley pointed out.
The extensions were containing malicious files and storing any details entered into them. The data entered at the time of configuration was either sent to a remote server or to a Google form.
Another Russian hacker?
The report outlined that all the extensions were developed by a single person or a group and is allegedly linked to Russia.
Notably, the attacker did not immediately target the exploited victims to steal from their crypto wallets right away. Denley believes that the attacker was either waiting to target high-value wallets or was in the process of automating the process of theft.
“We’ve sent funds to a few addresses and submitted the secrets to the malicious extensions. However, they were not automatically swept,” the Medium post stated.
As the perpetrator is still unidentified, the chances of the creation of more similar malicious apps are very high.
Many chrome extensions were targeting crypto users in the past, attempting theft from their legitimate wallets.
Last month, Finance Magnates reported on a fake Ledger chrome extension which allegedly involved in the theft of $2.5 million in crypto from various users.