Google Deletes Crypto Malware Targeting Blockchain.com, MyEtherWallet Users

Published at: March 15, 2019

A Google Chrome browser extension tricking users into participating in a fake airdrop from cryptocurrency exchange Huobi claimed over 200 victims, a security researcher reported in a blog post on March 14.

The Chrome extension, named NoCoin, gained 230 downloads before Google deleted it, according to Harry Denley, who runs the cryptocurrency scam database EtherscamDB.

Denley noted that hackers had purposely disguised the malicious extension to look like a tool protecting users from cryptocurrency malware or so-called cryptojacking.

“From the start, it looked like it did what it should — it was detected [sic] various CryptoJacking scripts […] and there was a nice UI to let me know it was doing its job,” he explained in the blog post.

Behind the facade, however, it became apparent that the extension requests the input of private keys from the popular wallet interfaces MyEtherWallet (MEW) and Blockchain.com. The private keys are then sent to the hackers, who can empty the wallets of their holdings.

The extension lay at the end of a fake giveaway campaign, ostensibly from crypto exchange Huobi, which offered worthless ERC20 Ethereum network-based tokens to unwitting consumers.

It is unknown how long the extension remained available for Google Chrome users.

As Cointelegraph continues to report, bad actors targeting cryptocurrency users have sought increasingly nefarious methods of tricking novices into handing over access to funds. Just this week, a report identified cryptojacking as a sign of increasingly discreet behavior among hackers.

Google itself has come under fire for its own apparent lack of diligence in the past, in February pulling a fake version of popular decentralized app MetaMask from its Play store.

As Cointelegraph reported last month, users of cryptocurrency wallets Electrum and MEW were also facing phishing attacks, according to posts published on Reddit and Twitter.
