wordpress blog stats
Connect with us

Hi, what are you looking for?

Google has removed 49 malicious Chrome extensions posing as crypto-wallets: Report

Google has removed 49 Chrome extensions from the Web Store that were posing as legitimate cryptocurrency wallets, but contained code that stole crypto-wallet private keys and other private information, reports ZDNet. The extensions posed as well-known existing crypto-wallets such as Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey.

The extensions were discovered by Harry Denley, security director at MyCrypto, who said that all 49 extenions seemingly were put together by the same person/group, believed to be a Russia-based bad actor. Malicious browser extensions have always existed, but the brands targeted this time are new, he said in a blog post.

How it worked: Users added the extensions, having no reason to believe that they are not bonafide, to make crypto-wallet transactions. The extensions phished for the user’s personal information, such as mnemonic phrases (a group of words to recover your crypto wallet), private keys, and keystore files. Once the user enters their data to the extension, the data is send to the actor’s backend, or to a Google Form, where the bad actors receive the secrets and empty the accounts. After sending your data to the backend, the extension sends the user back to default mode, Denley explained. This results in the user getting frustrated and submitting secrets again, or the user uninstalling the extensions, even though their wallet may be drained of funds eventually.

However, thefts don’t happen immediately. Denley entered the credentials of a test account into one of the extensions, but the funds were not immediately stolen. He told ZDNet that the threat actor may want to steal funds only from high-value accounts, or hasn’t figured out a way to automate the thefts and thus has to access each account manually.

But they are happening. Denley has tied at least three publicly reported incidents (herehere, and here) of funds theft to one of the 49 extensions. The highest targeted brand of the crypto-wallets was Ledger (57% of extensions), followed by MyEtherWallet (22%).

Advertisement. Scroll to continue reading.

Extensions had fake reviews on Web Store: Some of the extensions had a network of fake users rating the app 5 stars and giving simplistic positive reviews, such as “good,” “helpful app,” or “legit extension.”

One extension did stand out by having the same “copypasta” around 8 times, authored by different users, sharing an introduction into what Bitcoin is and explaining why the [malicious] MyEtherWallet was their preferred browser extension

When the extensions became active: The extensions began to show up on the Web Store in February 2020 and increasingly released in March 2020, and then increased them even further in April. 63% of the extensions were published in the first 14 days of April.

Written By

I cover health, policy issues such as intermediary liability, data governance, internet shutdowns, and more. Hit me up for tips.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.


In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...


By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...


By Stella Joseph, Prakhil Mishra, and Yash Desai The Government of India circulated proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) which...


By Rahul Rai and Shruti Aji Murali A little less than a year since their release, the Consumer Protection (E-commerce) Rules, 2020 is being amended....

You May Also Like


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ