Discovered 22 Chrome (and Brave) extensions that steal cryptocurrencies

Discovered 22 Chrome (and Brave) extensions that steal cryptocurrencies

By Roberto D. | CryptoFarm | 17 Nov 2020


A researcher has discovered 22 extensions for Google Chrome whose sole purpose is to steal users' cryptocurrencies.

As reported by the information portal Naked Security, Harry Denley (cyber security expert specializing in cryptocurrencies) has discovered new fraudulent extensions for Chrome and for chromium-based browsers, such as Brave, which pass themselves off as renowned companies such as Ledger, KeepKey, MetaMask and Jaxx.

Their goal is to trick users into providing the necessary credentials to access actual cryptocurrency wallets.

It appears that many of these extensions were removed within 24 hours of Denley's report, which is obviously good.

 

Fraudulent extensions for Chrome and related: an increasingly widespread problem

Chrome extensions are often used by cybercriminals to steal cryptocurrencies. In April, Google even updated the rules for posting to the Chrome Web Store in an effort to reduce the spread of malicious code.

Also in April, Google removed 49 other fraudulent extensions from the Web Store: many of them had positive reviews, so as to more easily deceive victims. In March, Ledger (a well-known manufacturer of hardware wallets for cryptocurrencies) warned users about the presence of such phishing attacks.

Unfortunately, fraudulent browser extensions are a very common problem. A Reddit user reported losing 14,908 XRPs, equivalent to over $ 2,500 at the time, due to a fake "Ledger Wallet" extension. So stated one of the scammed users:

 

I started the day by selling several of our other cryptocurrencies for Bitcoin, to get financial help, and then consolidated the remaining funds into XRP. I then tried to move the coins to our Ledger.

It's been a while since I last joined Ledger (2018), and I've changed computers since then. I remembered that Ledger had a Chrome extension, and that's where I fell for a scam.

 

The only thing I can tell you is to beware of scam extensions, as you would not give your wallet to someone, don't give your passwords if you are unsure.

Thank you for making it this far, and see you next time!

 

 



Roberto D.
Roberto D.

Born, and still living, in Italy. Passionate about cryptocurrencies since I discovered ethereum in 2016 https://linktr.ee/robertod


CryptoFarm
CryptoFarm

All about crypto and airdrop

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.