Wednesday, January 27, 03:25

Google removes 49 Chrome extensions responsible for crypto-wallet key theft

Researchers have identified a large campaign that uses Google Ads and other ad channels to push fake browser extensions, including Google Chrome extensions, that mimic popular brands.

The extensions aim to steal mnemonic phrases, private keys and keystore files from users and send them to the attacker's server.


49 Chrome extensions were detected

The malicious cryptocurrency extensions were found by Harry Denley, Security Director at MyCrypto. They impersonate popular brands such as Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus and KeepKey.

As soon as the user enters secret keys into one of these fake extensions, the extension sends an HTTP POST request to a C2 server controlled by the attacker.

The researchers also presented a video showing how the fake MyEtherWallet extension works. It asks users to enter all their details, and the interface looks like MyEtherWallet itself.

Once the user enters the data, the secrets are sent to a server controlled by the attackers.

Most of the C2 servers were found to be registered between March and April 2020, the oldest of which is (

Some of the extensions send the phished data to a GoogleDocs form, while other malicious extensions use their own PHP scripts, the researchers said.
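As an added example (not code from the researchers or from this article), one way a defender could flag the exfiltration described above is to classify outbound POST bodies by whether a field looks like a mnemonic phrase, a raw private key or a keystore file. It assumes request bodies are visible to the defender (for example through a TLS-inspecting proxy or endpoint capture); the record layout, hosts, field names and secrets below are constructed.

```python
import json
import re
from urllib.parse import parse_qsl

HEX_KEY = re.compile(r"^(0x)?[0-9a-fA-F]{64}$")  # raw 256-bit private key
WORD = re.compile(r"^[a-z]{3,8}$")               # BIP-39 English words are 3-8 letters
MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}          # valid BIP-39 phrase lengths

def classify_value(value):
    """Return 'private_key', 'mnemonic', 'keystore' or None for one field value."""
    v = value.strip()
    words = v.split()
    if HEX_KEY.match(v):
        return "private_key"
    if len(words) in MNEMONIC_LENGTHS and all(WORD.match(w) for w in words):
        return "mnemonic"  # heuristic: shape only, no wordlist lookup
    try:
        crypto = {k.lower(): x for k, x in json.loads(v).items()}.get("crypto")
    except (ValueError, AttributeError):  # not JSON, or JSON that is not an object
        return None
    return "keystore" if isinstance(crypto, dict) and "ciphertext" in crypto else None

def body_fields(body, content_type):
    """Return (name, value) string pairs from a JSON or form-encoded body."""
    if "json" not in content_type:
        return parse_qsl(body, keep_blank_values=True)
    try:
        items = json.loads(body).items()
    except (ValueError, AttributeError):
        return []
    return [(k, x if isinstance(x, str) else json.dumps(x)) for k, x in items]

def flag_posts(records):
    """Classify by body content, not host: the sink may be a trusted form service."""
    return [(host, name, kind)
            for method, host, ctype, body in records if method == "POST"
            for name, value in body_fields(body, ctype)
            if (kind := classify_value(value))]

FORM = "application/x-www-form-urlencoded"
SAMPLE = [  # constructed records: (method, host, content type, body)
    ("POST", "wallet-sync.example", FORM, "key=0x" + "ab" * 32),
    ("POST", "docs.google.com", FORM, "entry.1=apple+river+stone+cloud+maple+tiger"
                                      "+ocean+candle+window+garden+silver+planet"),
    ("POST", "wallet-sync.example", "application/json",
     '{"file": {"version": 3, "crypto": {"ciphertext": "00"}}}'),
    ("POST", "api.example.org", FORM, "q=hello+world&page=2"),
]
```

The mnemonic check matches any 12 to 24 short lowercase words, so checking each word against the BIP-39 wordlist would cut false positives.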

"Some of the extensions had a network of fake users rating the application with 5 stars and giving positive feedback on the extension to attract users to download it. Most positive reviews from fake users were of low quality, such as "good", "useful application" or "legal extension"."

All of the malicious extensions were reported by the researchers to Google Webstore and were removed within 24 hours.

"An analysis of our data shows that the malicious extensions started at a slow pace in February 2020, increased their traffic until March 2020, and then in April 2020 increased their traffic a lot," said Harry Denley.

Attackers abusing the Chrome store is nothing new: 500+ malicious Chrome extensions were recently removed from the official Chrome Web Store.



Teo Ehc