22 More Crypto-Stealing Google Chrome Extensions Discovered

Published at: May 8, 2020

A security researcher has discovered another 22 Google Chrome web browser extensions built to steal their users' cryptocurrencies.

Cybersecurity news outlet Naked Security reported on Friday that Harry Denley, a security researcher specializing in cryptocurrencies, discovered 22 more malicious Google Chrome extensions. The extensions he discovered impersonated well-known crypto firms such as Ledger, KeepKey, MetaMask and Jaxx. Their purpose is to trick users into giving away the credentials needed to access their wallets.

Most of the phishing extensions have already been taken down as of press time.  Per the report, most were down within 24 hours of Denley reporting them. Cointelegraph reached out to Harry Denley, but the researcher has not returned our inquiry by press time.

Google Chrome extensions are often used for phishing

Google Chrome’s extensions store appears to be a major area of focus for cybercriminals looking to steal cryptocurrencies. At the end of April, Google managers changed the rules governing the publication of Chrome extensions in an attempt to make it more difficult for scammers to spread malicious code.

As Cointelegraph reported in mid-April, Google removed 49 phishing Chrome web browser extensions after reports of malicious activity. In early March, leading cryptocurrency hardware-wallet producer Ledger warned its users about the phishing extensions on the store.

Late April, reports suggested that Google still has to address the broader issue of phishing campaigns that utilize its platforms. A report suggests that the firm’s advertisement platform, Google Ads, was used to attract victims to the phishing clone of a cryptocurrency exchange. Meanwhile, blockchain firm Ripple Labs filed a lawsuit against YouTube, seeking damages after crypto scammers impersonated them on the platform.

Tags
Related Posts
Fraudulent Site Impersonates Encrypted Messaging Service to Steal Bitcoins
Cybercriminals have reportedly created a fake site version of the legitimate encrypted self-destructing notes service privnote.com. The fake version can be shared with other users to steal Bitcoin. According to a June 14 report from KrebsOnSecurity, the creators of the encrypted notes service complained about a fake clone site, privnotes.com, whose scam scheme consists of the following: “Any messages containing Bitcoin addresses will be automatically altered to include a different Bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same.” Privnote.com said in the report that the phishing site does …
Bitcoin / June 15, 2020
Reddit user warns of a copy & paste exploit that stole his crypto
A Reddit user operating under the name “seraf1990” warned of a copy & paste crypto scam that replaced a wallet address he copied from Coinbase with one belonging to scammers. According to seraf1990, he lost about $350 worth of Bitcoin (BTC) — money that he notes was meant to go towards his rent for next month. The post explains that seraf1990 was attempting to cash out some BTC by sending it from Binance to his account on Coinbase. After copying the exchange’s Bitcoin wallet address, he pasted it into the appropriate field back on Binance and completed the transaction “without …
Bitcoin / Aug. 26, 2020
Game over! Squid Game-inspired crypto scam collapses as price crashes from $2.8K to zero
A cryptocurrency inspired by Netflix's internationally hit TV show "Squid Game" scammed investors in what appears to be a $3.38 million "rug pull" scheme. Dubbed "SQUID," the cryptocurrency plunged to almost a fraction of a cent minutes after crossing over $2,850 at 09:35 UTC, Nov. 1. The deadly drop surfaced following a 75,000% bull run, showcasing a greater demand for SQUID among traders after its debut on Oct. 26. At the core of the retail craze lay the popularity of Squid Game. The scammers promoted SQUID as a play-to-earn cryptocurrency inspired by the South Korean TV fictional show in which …
Markets / Nov. 2, 2021
Indian prime minister Modi's hacked Twitter account attempts BTC scam
The official Twitter account of Indian Prime Minister Narendra Modi got compromised earlier today, which was then used to share misleading information about the mainstream adoption of Bitcoin (BTC) and redistribution of 500 BTC among the Indian citizens. On Dec. 10, Modi said in a virtual event virtual summit hosted by US President Joe Biden that technologies such as cryptocurrencies should be used to empower democracy and not undermine it: “By working together, democracies can meet the aspirations of our citizens and celebrate the democratic spirit of humanity.” While the long-awaited Lok Sabha Winter Session, a parliamentary meetup intended to …
Adoption / Dec. 12, 2021
Crypto’s recovery requires more aggressive solutions to fraud
It’s hardly an exaggeration to say that our industry is facing tough times. We’ve been in the midst of a “crypto winter” for some time now, with the prices of mainstays, including Bitcoin (BTC) and Ether (ETH), tumbling. Likewise, monthly nonfungible token (NFT) trading volumes have fallen more than 90% since their multibillion dollar peak back in January of this year. Of course, these declines have only been exacerbated by the numerous black swan events rocking the crypto world, such as the FTX and Three Arrows Capital meltdowns. Taken together, it shouldn’t be a surprise that crypto is facing a …
Cryptocurrencies / Dec. 30, 2022