Delete these Google Chrome extensions now, or risk having your money stolen

(Image credit: Shutterstock)

Google has removed 49 malicious Chrome extensions from its Web Store following concerns that they were stealing cryptocurrency.

As reported by ZDNet, the malicious extensions all posed as cryptocurrency wallet apps but were actually stealing private keys to crypto-wallets as well as users' cryptocurrency.

The extensions were uncovered by MyCrypto's director of security Harry Denley, who noted that all 49 offerings appear to have been created by either the same person or group of people, believed to be a Russian-based threat actor. Additionally all of the extensions have the same functionality but their branding changes based on who they are targeting.

Hundreds more malicious Google Chrome extensions taken down
Hackers impersonate top VPN to steal cryptocurrency
These are the best mining PCs

Denley was able to identify malicious extensions impersonating many well known crypto-wallet apps including Ledger, Trexor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus and KeepKey.

Malicious crypto-wallet extensions

All of the 49 malicious extensions function almost identically to legitimate ones except for the fact that any data entered by a user while setting them up was sent to the attacker's servers or to a Google Form.

While the attackers already have all of the information they need to start stealing users' cryptocurrency, Denley conducted a test in which he found that the funds from his crypto-wallet were not immediately stolen. He believes this is because the threat actor is either interested in only stealing from high-value targets or they haven't figured out how to automate the operation and need to manually access each account.

In a Medium post, MyCrypto explained that there has been an increase in malicious extensions targeting cryptocurrency over the past few months, saying:

“An analysis from our dataset suggests the malicious extensions started to hit the store slowly in February 2020, increased releases through March 2020, and then rapidly released more extensions in April 2020. This means that either our detection is getting much better, or that the number of malicious extensions hitting browser stores to target cryptocurrency users is growing exponentially. An analysis from our dataset suggests Ledger is the most targeted brand — without speculating, it’s hard to say why.”

Since the threat actor behind these malicious extensions has yet to be caught, they may likely try to launch a similar scheme in the future.

We've featured the best antivirus apps for Android.

Also check out these best privacy apps for Android.

Via ZDNet

TOPICS

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Latest

A selection of popular Dyson haircare products against a pink background, with Cyber Monday deals written to the left.

These Cyber Monday Dyson hair-care deals are blowing super-hot

See more latest ►

Malicious crypto-wallet extensions

Are you a pro? Subscribe to our newsletter

Most Popular