Google removed 49 Chrome extensions from its Web Store that were posing as legitimate cryptocurrency wallet applications. These extensions were stealing crypto-wallet private keys and other sensitive data, including mnemonic phrases and secret codes, from users.
These malicious extensions were discovered by the Director of Security at the MyCrypto platform. All forty-nine have reportedly been put together by a single person or group, which probably means that this is the work of one threat actor, most likely from Russia.
These extensions function in the same manner, but their branding is different, evidently so that they can target different users under different names.
These malicious extensions pose as well-known crypto-wallet applications such as Ledger, Trezor, Electrum, MetaMask, KeepKey, MyEtherWallet, Jaxx, and Exodus. They work much like the real ones, but they collect the data victims enter during configuration and setup and then send it to the attacker’s servers.
Thefts are not made immediately, which can mean one of two things: either the thief is aiming to steal funds from high-value users, such as important people at big corporations and organizations, or the attacker has to access each account manually rather than through automated means.
In any case, thefts are happening, and this is not new.
Google has repeatedly encountered such threats and has tried to help and support people through various measures. For the past couple of years, there has been a constant threat of state-sponsored web attacks against human rights activists, government officials and other important personnel. Most of these are attacks by threat actors only.
This time, Google had to remove the malicious extensions. The folks at MyCrypto are issuing warnings because, given the nature of cryptocurrency-stealing extensions, victims cannot recover stolen funds. So it is better to stay alert, because this threat actor can publish other malicious extensions on the Web Store again.
Users are also strongly advised to file a report on CryptoScamDB if they find any sign of suspicious extensions that might lead to wallet hacks and theft of funds in the future. Such reports help to track down malicious extensions faster and have them taken down from the Chrome Web Store quickly, before much damage is done.