Google has taken down crypto-stealing Chrome extensions disguised as digital wallet applications.
In total, 49 crypto-stealing extensions were discovered in Google Chrome’s web store, where they have reportedly been stealing cryptocurrencies from unsuspecting users.
According to Harry Denley, director of security at MyCrypto, “whilst the extensions all function the same, the branding is different depending on the user they are targeting.”
The extensions were immediately removed after Google’s confirmation of the report.
The crypto-stealing extensions look like legitimate cryptocurrency wallets. What they actually do is trick people into entering their private keys so the thieves can use them to steal cryptocurrencies. Every piece of sensitive data the user submits through the extension is funneled to the thieves’ servers.
Denley adds that the malicious extensions mimic the interface of many trusted and popular crypto wallet apps such as Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey.
Some of the extensions have even been found to have a network of fake users who give perfect, positive ratings and feedback. Common feedback from these accounts includes “good,” “helpful app,” and “legit extension.”
Rising number of detected crypto scams
Denley noted that this discovery is a part of the rising number of detections. In a recent blog post, he said:
“An analysis from our dataset suggests the malicious extensions started to hit the store slowly in February 2020, increased releases through March 2020, and then rapidly released more extensions in April 2020.
“This means that either our detection is getting much better, or that the number of malicious extensions hitting browser stores to target cryptocurrency users is growing exponentially. An analysis from our dataset suggests Ledger is the most targeted brand — without speculating, it’s hard to say why.”
Google takes down hundreds of other malicious extensions
This is not the first time Google has taken down malicious browser extensions. In February 2020 alone, Google removed “over 500 malicious Chrome extensions from its official Web Store.”
Security analysts believe that most of the extensions they have found are a part of a bigger malware operation that may have been active as early as 2010.
After confirming the reports, Google also removed those extensions and deactivated them in users’ browsers.
Greater due diligence over app downloads and permissions is advised during these times, especially now that more and more hackers have begun exploiting even COVID-19 related applications to steal personal information from internet users.