Hacker attempts to steal crypto via fake Google Chrome extensions
A hacker is exploiting trust in renowned brands by creating fake cryptocurrency wallet extensions for Google Chrome that deceive victims into revealing sensitive information. Harry Denley, director of security at wallet provider MyCrypto, who detected the fake wallet extensions, stated that Google has so far removed 49 extensions from its Web Store that claimed to be well-known crypto wallets.
.@Google has removed 49 Chrome extensions masquerading as legitimate crypto wallets, including Ledger, MyEtherWallet, MetaMask and Jaxx, according to MyCrypto’s Harry Denley. @paddybaker_ reports https://t.co/0ZUKL91rda
— CoinDesk (@CoinDesk) April 16, 2020
The fake extensions are essentially phishing tools. Posing as legitimate wallets, they pass the information users enter, such as private keys and passwords, to the hacker, who can then steal funds within a few seconds.
The fakes detected so far have claimed to be wallets including Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey. Test amounts of crypto sent by Denley haven’t been received, indicating that either the hacker has to empty wallets manually or they’re only interested in comparatively large balances.
Denley noted that on the Chrome Web Store, most of these apps had good reviews, typically written in simplistic or broken English. Because the admin email appears to be a Russian one, it’s possible the hacker is also based in Russia.
Over half of the malicious attempts reported targeted hardware wallet maker Ledger, almost double the share of MyEtherWallet, which stands second highest at 22% of fake attempts. Denley reported that there are no clear indicators as to why so many of the attempts target Ledger.
Asked whether there are ways to stop hackers from creating new fake extensions, Denley told CoinDesk: “Not really, though Google could use the data from the 49 extensions we’ve flagged to build some detection – though it could be easily bypassed.”
“Most of the malicious extensions had the same structure and same files which could be analyzed,” he said. He further added, “The only way I can think of limiting the victim pool is by education and normalizing the behavior of not entering raw secrets into [user interfaces].”
Denley has voiced concern over serious security threats faced by cryptocurrency wallets. He previously raised concern over the security of wallets when the same private key was issued to multiple users.
Denley identified fake wallets in February 2020; since then, the reported number of phishing attempts has increased exponentially on a monthly basis. Because the hackers are able to conceal their identity while creating fake wallet extensions ad infinitum, the incidence of fake attempts is likely to increase.