Google Bans 49 Fake Chrome Extensions for Stealing Crypto Data

Wednesday, 15/04/2020 | 07:16 GMT by Arnab Shome
  • All the browser extensions were developed by a Russian person or a group.
Google  Bans 49 Fake Chrome Extensions for Stealing Crypto Data
Pixabay

Google has removed 49 malicious chrome extensions from its Web Store that were stealing crucial crypto wallet information from its users.

Detailed in a Medium post by Harry Denley, director of security at MyCrypto, the browser extensions were impersonating various well-known cryptocurrency web wallets and applications, including Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey.

These extensions were stealing crypto wallet private keys, mnemonic phrases, and other raw secrets, Denley first found revealed and reported to the search engine giant.

“Some of the extensions have had a network of fake users rate the app with 5 stars and give positive feedback on the extension to entice a user to download it,” Denley pointed out.

The extensions were containing malicious files and storing any details entered into them. The data entered at the time of configuration was either sent to a remote server or to a Google form.

Another Russian hacker?

The report outlined that all the extensions were developed by a single person or a group and is allegedly linked to Russia.

Notably, the attacker did not immediately target the exploited victims to steal from their crypto wallets right away. Denley believes that the attacker was either waiting to target high-value wallets or was in the process of automating the process of theft.

“We’ve sent funds to a few addresses and submitted the secrets to the malicious extensions. However, they were not automatically swept,” the Medium post stated.

As the perpetrator is still unidentified, the chances of the creation of more similar malicious apps are very high.

Many chrome extensions were targeting crypto users in the past, attempting theft from their legitimate wallets.

Last month, Finance Magnates reported on a fake Ledger chrome extension which allegedly involved in the theft of $2.5 million in crypto from various users.

Google has removed 49 malicious chrome extensions from its Web Store that were stealing crucial crypto wallet information from its users.

Detailed in a Medium post by Harry Denley, director of security at MyCrypto, the browser extensions were impersonating various well-known cryptocurrency web wallets and applications, including Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey.

These extensions were stealing crypto wallet private keys, mnemonic phrases, and other raw secrets, Denley first found revealed and reported to the search engine giant.

“Some of the extensions have had a network of fake users rate the app with 5 stars and give positive feedback on the extension to entice a user to download it,” Denley pointed out.

The extensions were containing malicious files and storing any details entered into them. The data entered at the time of configuration was either sent to a remote server or to a Google form.

Another Russian hacker?

The report outlined that all the extensions were developed by a single person or a group and is allegedly linked to Russia.

Notably, the attacker did not immediately target the exploited victims to steal from their crypto wallets right away. Denley believes that the attacker was either waiting to target high-value wallets or was in the process of automating the process of theft.

“We’ve sent funds to a few addresses and submitted the secrets to the malicious extensions. However, they were not automatically swept,” the Medium post stated.

As the perpetrator is still unidentified, the chances of the creation of more similar malicious apps are very high.

Many chrome extensions were targeting crypto users in the past, attempting theft from their legitimate wallets.

Last month, Finance Magnates reported on a fake Ledger chrome extension which allegedly involved in the theft of $2.5 million in crypto from various users.

About the Author: Arnab Shome
Arnab Shome
  • 6655 Articles
  • 102 Followers
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.

More from the Author

CryptoCurrency