May 3, 2024

49 fake Chrome browser extensions to steal crypto assets

Google has removed 49 Chrome browser extensions from its storefront. These extensions were positioned as full-fledged utilities for working with cryptocurrency wallets, but they actually contained malicious code to steal private keys, mnemonic phrases and other user data, writes ZDNet with reference to security researcher Harry Denley.

According to Denley, all 49 extensions were created by one person or group, presumably from Russia.

“The functionality of all extensions is the same. Only branding differs depending on which users they are oriented to,” he said.

These extensions were distributed under the guise of official software for working with wallets such as:

  • Ledger
  • Trezor
  • Jaxx
  • Electrum
  • MyEtherWallet
  • MetaMask
  • Exodus
  • KeepKey

They functioned “almost identically to the present”, but all the data entered by the user ended up at the attackers' disposal, on separate servers or in a Google Form.

The theft of assets did not occur immediately. Denley conducted an experiment in which he entered the data of his test account into the extension and for some time retained control over the deposited assets. In his opinion, the attackers are only interested in large accounts or have not yet figured out how to automate the withdrawal process.

The researcher pointed out at least three publicly known cases in which, as he thinks, these extensions were used to steal crypto assets. It is expected that in the near future the attackers may again begin to spread their malware on the network.
