Fake Chrome extensions embodied popular wallet apps, including General ledger, Trezor, Jaxx, Electrum, MyEtherWallet, Exodus and other.


The internet company, Google has removed 49 extensions from Chrome from your web shop for theft of cryptographic data. The removed extensions reportedly posed as Chrome legitimate crypto wallets, but containing malicious code that stole private keys and other security data.

An entry of Blog, the security director for MyCryptoHarry Denley, a crypto wallet company, explained how to discover malicious extensions. Denley explained that the removed apps pretended to be popular cryptocurrency wallets, including General ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus y KeepKey.

He also explained that extensions work essentially maliciously pishing (or phishing) to steal mnemonic phrases, private keys and keystore files. The security director managed to remove the 49 counterfeit extensions Chrome in collaboration with PhishFort, the company specializing in cybersecurity companies Phishing.

Fake Chrome extensions

Research related to PhishFort suggested that fraudulent apps reached the webshop from Chrome in February this year. Later versions would be released in March and April 2020. The report also suggested this General ledger It was the wallet app with the highest number of malicious extensions.

This is not the first time that hacker You use the wallet General ledger Attack cryptocurrency users. As reported DailyBitcoinA user recently reported that a malicious extension of this wallet stole $ 16,000 ZEC (Zcash).

On the other hand, many users could not tell that they were facing misleading applications because of their reputation. The report published by Denley describes the following:

Some of the extensions had a network of fake users who rated the app with 5 stars and gave positive feedback to tempt users to download it. Most of the positive comments from bad actors were of poor quality, such as “good”, “useful app” or “legitimate extension”..

Another research finding is that all extensions were developed by a single person or group that is said to be hosted in Russia. The investigation revealed 14 control servers behind all extensions. However, a detailed analysis showed that a single actor handled the most extensions.

Hackers have stolen cryptographic keys

A strange fact is that cyber attackers didn’t seem to have stolen victims’ cryptocurrency funds right away. In this regard, Denley deals with the hypothesis that the attacker was targeting high-quality purses or was in the process of automating the theft process.

We sent money to some addresses and sent the secrets to the malicious extensions. However, they were not removed automatically..

Even so, many other users said they lost their money in digital currencies due to fake extensions. The report also warned that the chances of re-creating similar fraudulent applications are very high because the malicious author has not yet been identified. Denley gave users a number of recommendations to stay safe from such attacks.

He also shared a video on how a fake extension works for users of MyEtherWallet. In essence, he explained, it looks just like the typical experience MyEtherWallet until the user enters his password. After sending the key, the malicious application sends the secret data to the hacker before sending it back to the standard view. The application immediately stopped responding and the money was stolen.

Similar links

Hackers steal 1.4 million tokens XRP through extensions of Google Chrome

The attacker steals $ 45 million from the investor by hacking his phone’s SIM card

Fraudsters pose as WHO to steal bitcoins

Sources: medium, Cointelegraph, Financial magnates,

Hannah Estefanía Pérez ‘version / DailyBitcoin

picture of Pixabay


Add Comment

Your email address will not be published. Required fields are marked *