Google has removed 49 Chrome extensions from the Web Store that were posing as legitimate cryptocurrency wallets, but contained code that stole crypto-wallet private keys and other private information, reports ZDNet. The extensions posed as well-known existing crypto-wallets such as Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey. The extensions were discovered by Harry Denley, security director at MyCrypto, who said that all 49 extenions seemingly were put together by the same person/group, believed to be a Russia-based bad actor. Malicious browser extensions have always existed, but the brands targeted this time are new, he said in a blog post. How it worked: Users added the extensions, having no reason to believe that they are not bonafide, to make crypto-wallet transactions. The extensions phished for the user's personal information, such as mnemonic phrases (a group of words to recover your crypto wallet), private keys, and keystore files. Once the user enters their data to the extension, the data is send to the actor's backend, or to a Google Form, where the bad actors receive the secrets and empty the accounts. After sending your data to the backend, the extension sends the user back to default mode, Denley explained. This results in the user getting frustrated and submitting secrets again, or the user uninstalling the extensions, even though their wallet may be drained of funds eventually. However, thefts don't happen immediately. Denley entered the credentials of a test account into one of the extensions, but the funds were not immediately stolen.…
Please subscribe to MediaNama. Don't share prints and PDFs.
You May Also Like
News
Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...
Advert
135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...
News
By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...
News
Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...