Shitcoin Wallet Pushing Malicious Codes, Collecting Exchange Credentials

Wednesday, 01/01/2020 | 11:12 GMT by Arnab Shome
  • The wallet has over 2,000 users, per the company.
Shitcoin Wallet Pushing Malicious Codes, Collecting Exchange Credentials
Pixabay

Shitcoin Wallet, a web-based Ethereum wallet, is injecting malicious javascript codes to wallet users, stealing crucial information.

Revealed by Harry Denley, a security and anti-phishing expert, on Monday, the vulnerable codes are collecting credentials of major crypto platforms, including Binance, MyCryptoWallet, and many others.

Shitcoin Wallet works as a Chrome extension that downloads javascript files from a remote server. The code then looks for any open tabs on the web browser containing pages of any digital asset exchanges and Ethereum network tools to scrape the data in those windows.

The malicious codes send all the data to a remote server identified as “erc20wallet.tk.” The top-level domain belongs to a group of the south pacific island territory of New Zealand called Tokelau.

A suspiciously named wallet indeed

Designed to hold Ethereum and other ERC-20 tokens, the company claims that it has over 2,000 users. The platform basically operates as browser extensions, even though per the company, there is a desktop application for Windows.

“It is a web wallet which has several extensions for different browsers,” a blog post by the company explained.

Meanwhile, many browser extensions were found in the past with malicious codes. However, most of those were illegally mining digital currencies on victims’ computers.

Most recently, Google banned widely used Ethereum wallet and Dapp browser MetaMask for violating its financial policy from Play Store. Though not specified, the tech giant indicated the crypto mining feature, which is strictly bans in its policy. Notably, the platform does not offer any crypto mining services to its users.

Shitcoin Wallet, a web-based Ethereum wallet, is injecting malicious javascript codes to wallet users, stealing crucial information.

Revealed by Harry Denley, a security and anti-phishing expert, on Monday, the vulnerable codes are collecting credentials of major crypto platforms, including Binance, MyCryptoWallet, and many others.

Shitcoin Wallet works as a Chrome extension that downloads javascript files from a remote server. The code then looks for any open tabs on the web browser containing pages of any digital asset exchanges and Ethereum network tools to scrape the data in those windows.

The malicious codes send all the data to a remote server identified as “erc20wallet.tk.” The top-level domain belongs to a group of the south pacific island territory of New Zealand called Tokelau.

A suspiciously named wallet indeed

Designed to hold Ethereum and other ERC-20 tokens, the company claims that it has over 2,000 users. The platform basically operates as browser extensions, even though per the company, there is a desktop application for Windows.

“It is a web wallet which has several extensions for different browsers,” a blog post by the company explained.

Meanwhile, many browser extensions were found in the past with malicious codes. However, most of those were illegally mining digital currencies on victims’ computers.

Most recently, Google banned widely used Ethereum wallet and Dapp browser MetaMask for violating its financial policy from Play Store. Though not specified, the tech giant indicated the crypto mining feature, which is strictly bans in its policy. Notably, the platform does not offer any crypto mining services to its users.

About the Author: Arnab Shome
Arnab Shome
  • 6654 Articles
  • 102 Followers
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.

More from the Author

CryptoCurrency