April 20, 2024

Google removed 49 cryptocurrency theft extensions for Chrome browser

Google has removed 49 extensions from the Chrome Web Store. These applications were distributed under the guise of utilities for working with cryptocurrency wallets, but contained malicious code.

Harry Denley, Director and Security Researcher at the MyCrypto platform, who discovered these extensions, believes that they were all created by one person or group, presumably from Russia.

“All the presented extensions function the same; they differ only in that they are aimed at different categories of users,” Denley reported.

All 49 extensions were distributed under the guise of official utilities for working with the cryptocurrency wallets KeepKey, Ledger, Exodus, Trezor, MetaMask, Jaxx, MyEtherWallet and Electrum. They skillfully copied the interface of the official utilities and functioned almost identically, but user-entered data, including private keys and mnemonic phrases, was sent to the attackers.

Denley decided to conduct an experiment and entered the data of his test wallet in one of the fraudulent extensions. As a result, he found out that funds from wallets do not disappear immediately:

“Probably the attackers are waiting until a more impressive amount is on the wallet, or they have not yet been able to automate the process and they have to empty the wallets manually.”

The researcher pointed to three public cases (1, 2, 3) of cryptocurrency theft in which he believes users became victims of these 49 extensions. He said that attackers will likely try to re-add malicious extensions to the Chrome Web Store.

Denley urged users to report, via the CryptoScamDB website, any suspicious extensions that may cause a wallet to be hacked. This will help to quickly track down malicious extensions and remove them.
