Google Removes 49 Phishing Extensions That Steal Cryptocurrency Data

Published at: April 15, 2020

Google recently removed 49 phishing Google Chrome web browser extensions after receiving reports about their activity.

Harry Denley, director of security at cryptocurrency wallet startup MyCrypto, explained in an April 14 Medium post how he got the extensions removed from Chrome’s store within 24 hours with the help of phishing-specialized cybersecurity firm PhishFort. 

The removed extensions include ones that targeted the owners of hardware wallets produced by Ledger, Trezor and KeepKey, and users of software wallets Jaxx, MyEtherWallet, Metamask, Exodus and Electrum.

The extensions prompted users to enter the credentials needed to access the wallet — such as mnemonic phrases, private keys and keystore files — and sent them to bad actors. The attackers were then able to steal the crypto assets held in those wallets.

Some of the extensions also had fake five-star ratings in the Chrome extension store, but the reviews contained little to no information, ranging from “good” and “helpful app” to “legit extension.”

One of the extensions reportedly had the same review copied and pasted eight times by different users. The copypasta included an introduction to Bitcoin (BTC) and explained why MyEtherWallet — the extension’s targeted wallet — was the preferred wallet option. It is worth noting that MyEtherWallet does not actually support Bitcoin.

One bad actor controlled most extensions

The investigation uncovered 14 control servers behind all the extensions, but fingerprinting analysis revealed that several of the servers were managed by the same bad actors, with the oldest domain linked to many of the other control servers. Denley subsequently concluded that the same bad actors were behind most of the extensions.

Some of the domains used in the phishing campaigns were relatively old, but 80% of them were registered in March and April 2020. Most of the extensions were published on Chrome’s store this month.

Not the first phishing extensions targeting crypto users

This is not the first time that the community has discovered a malicious Google Chrome browser extension targeting crypto users. As Cointelegraph reported in late March, a Redditor warned the community that he lost some crypto assets after falling victim to a fake Ledger extension.

Google Chrome extensions targeting crypto users are so common that earlier this month MyEtherWallet warned its users that its official extension had been removed for allegedly containing malware. Fortunately, the extension was restored shortly after the team contacted Google to resolve the issue.

Brett Callow, threat analyst at cybersecurity firm Emsisoft, shared some advice on how to avoid falling victim to such phishing attempts:

“Security products may detect malicious extensions, but the first line of defence should always be common sense. The best advice is to only install extensions from official stores and to do a little research prior to installing them. If a website randomly prompts you to ‘Click ‘allow’ to continue downloading an important browser update,’ just close the page.”
