US internet giant Google has removed 49 Chrome extensions from its Web Store that mimic popular cryptocurrency wallet apps like Ledger, MyEtherWallet, Trezor and Electrum and aim to steal users’ private keys.
The crypto wallets, which enable crypto money holders to interact with a blockchain network, provide the necessary software support for buying and selling crypto money through blockchain transactions, based on the private and public key.
Web-based wallets, one of the crypto wallet types, provide access to blockchain networks with a browser interface, but malicious extensions detected in Google Chrome show that users should open their eyes to web-based wallets.
Google removed 49 Chrome extensions that mimic crypto wallet apps
US internet giant Google has removed 49 Chrome extensions from the Web Store, which appear to be legitimate cryptocurrency wallet apps but contain malicious codes to steal users’ private keys. It is estimated that a Russian-based group is behind the extensions discovered by Security Director Harry Denley on the MyCrypto platform.
the extension; Stating that it looks like known crypto wallet apps like Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey, Denley even states that their working logic is the same. Stating that all the data entered by the victim during the configuration steps were transferred to a server under the attack of the attacker, Denley says, however, that theft did not happen immediately.
Malicious extensions target more high-value accounts
Denley, who conducted a small trial, states that a test account entered credentials in one of the malicious extensions, but the funds were not stolen immediately. Considering that the group is only interested in stealing digital assets in high-value accounts, the security researcher states that some recently disclosed theft to the public is associated with the extensions.
Denley now wants users who discover similar Chrome extensions or have their funds closed to cybercriminals to send reports to CryptoScamDB. This is because these reports help detect malicious extensions faster by Denley and others security researchers and remove them from the Chrome Web Store.