Chrome Browser Extension Ethereum Wallet Injects Malicious JavaScript To Steal Data

Published at: Dec. 31, 2019

An Ethereum (ETH) wallet known as “Shitcoin Wallet” is reportedly injecting malicious JavaScript code to steal data from its users’ open browser windows. On Dec. 30, cybersecurity and anti-phishing expert Harry Denley warned about the potential breach in a tweet.

According to Denley’s tweet, Chrome browser crypto wallet software Shitcoin Wallet is targeting Binance, MyEtherWallet and other well-known websites containing users’ passwords and private keys to cryptocurrency.

The Shitcoin Wallet Chrome extension (ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn) works by downloading a number of JavaScript files from a remote server. The code then searches for open browser windows containing webpages of exchanges and Ethereum network tools.

The code attempts to scrape data entered into those windows. The information is then sent to a remote server identified as “erc20wallet.tk,” a domain under .tk, the country-code top-level domain belonging to Tokelau, a group of South Pacific islands that are part of New Zealand’s territory.
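A defender can check a workstation for the two indicators named above. The script below is an added example, not code from the article or from Denley. It assumes Chrome's on-disk layout of `Extensions/<id>/<version>/manifest.json` inside a profile, and its function names are hypothetical. It also lists any extension that requests access to every site, since that access is what lets an extension read exchange and wallet pages.

```python
import json
import sys
from pathlib import Path

# Indicators quoted in the article above.
BAD_EXTENSION_ID = "ckkgmccefffnbbalkmbbgebbojjogffn"
EXFIL_DOMAIN = "erc20wallet.tk"
# Chrome match patterns that give an extension access to every site.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def broad_hosts(manifest):
    """Return the all-site match patterns requested by a parsed manifest."""
    requested = list(manifest.get("permissions", []))
    requested += manifest.get("host_permissions", [])  # Manifest V3
    for script in manifest.get("content_scripts", []):
        requested += script.get("matches", [])
    return sorted({p for p in requested if isinstance(p, str) and p in BROAD_PATTERNS})


def audit_extensions(extensions_root):
    """Scan Extensions/<id>/<version>/ and return (extension_id, reason) findings."""
    findings = []
    for ext_dir in sorted(Path(extensions_root).iterdir()):
        if not ext_dir.is_dir():
            continue
        if ext_dir.name == BAD_EXTENSION_ID:
            findings.append((ext_dir.name, "known-bad extension ID"))
        for manifest_path in sorted(ext_dir.glob("*/manifest.json")):
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                findings.append((ext_dir.name, "unreadable manifest"))
                continue
            hosts = broad_hosts(manifest)
            if hosts:
                findings.append((ext_dir.name, "review: all-site access " + ", ".join(hosts)))
        for js in sorted(ext_dir.rglob("*.js")):
            # Only catches the domain if it is present in the files on disk.
            if js.is_file() and EXFIL_DOMAIN in js.read_text(encoding="utf-8", errors="ignore"):
                findings.append((ext_dir.name, f"references {EXFIL_DOMAIN} in {js.name}"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit.py <path to a Chrome profile's Extensions directory>")
    for ext_id, reason in audit_extensions(sys.argv[1]):
        print(ext_id, reason, sep="\t")
```

Because the article describes the scripts as downloaded from a remote server at runtime, the file search can come back empty on an affected profile. The extension ID match, together with DNS or proxy logs for the domain, is the stronger signal.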

Google Chrome removed MetaMask, but for different reasons

Shitcoin Wallet stealing user data may sound similar to recent incidents including Apple threatening to unlist Coinbase’s mobile DApp browser from its app store and Google removing Ethereum wallet app MetaMask from its Google Play App Store last week. Both of those instances, however, have been subject to considerable controversy due to lack of evidence of malicious conduct on the part of those apps.

A number of cryptojacking extensions were found on the Google Chrome web store last year. According to a recent report from McAfee Labs, cryptojacking, which occurs when a user’s computing device is secretly used to mine cryptocurrency, has been on the rise, up 29% in Q1 2019.

Shitcoin Wallet was built for trouble online

While the name should be a dead giveaway that it’s better to stay away from this particular Ethereum wallet software, Shitcoin Wallet contains some suspicious added features. 

According to a company blog post, the Ethereum wallet, which launched on Dec. 9 and claims to have over 2,000 users, is a web-based wallet that has several extensions for different browsers. The blog post notes:

“It is a web wallet which has several extensions for different browsers, which I will discuss further in the article.”

However, this doesn’t square with what the company mentions at the end of that very blog post, which says that Shitcoin Wallet is currently only supported by Chrome.

A few days prior to the malicious JavaScript attack, Shitcoin Wallet announced the launch of its new desktop app, giving away 0.05 ETH to users who download and install the Shitcoin Wallet desktop app.

While those users may have received a bit of free ETH, they are now left vulnerable to having their data scraped and personal information compromised.
