E-commerce
Now Reading
This Google Chrome Extension is Trying to Steal Your Cryptocurrency
0

This Google Chrome Extension is Trying to Steal Your Cryptocurrency

by Aiman MaulanaJanuary 4, 2020
What's your reaction?
Me Gusta
0%
WOW
0%
Potato
0%
Sad Reacc
0%
Angery
0%

This Google Chrome Extension is Trying to Steal Your Cryptocurrency

This Google Chrome Extension is Trying to Steal Your Cryptocurrency 25

If you have dabbled in cryptocurrency in one way or another, then this is something you need to be extra careful of. It appears that a Google Chrome extension is doing more than its intended purpose which could lead to the creators stealing your cryptocurrency.

The Google Chrome extension in question here is the aptly named Shitcoin Wallet. If you’re curious to know about it, click right here.

According to Director of Security at MyCrypto, Harry Denley, he discovered that Shitcoin Wallet is stealing your private keys and login details. The extension is supposed to let users manage their Ether (ETH), cryptocoins, and other ERC-20-based coins.

It has been estimated that over 600 users have installed the extension before Google removed it from the Chrome Store. It doesn’t automatically do damage just by being installed however, as it needed some triggers for the malicious code to work.

  • The extension needs to be installed by the user
  • Once installed, the extension requests permission to inject JavaScript (JS) on 77 websites
  • Then once the user navigates to any of those sites, the extension loads an additional JS file from https://erc20wallet[.]tk/js/content_.js
  • That JS file then activates on the following sites: MyEtherWallet.com, Idex.Market, Binance.org, NeoTracker.io, and Switcheo.exchange
  • Once activated, the extension scans for login details, private keys inside your user area of those five sites, and then sends all the data to erc20wallet[.]tk

Essentially, it’s like someone making duplicates of your house keys but without your knowledge. Thus far, we have yet to hear about anyone losing their crypto coins but it’s better to be safe than sorry. Needless to say that if you have it on your browser, remove it as soon as possible.

Source: Knowtechie

Pokdepinion: If you don’t have two-factor authentication enabled for things that involve money, you might as well donate your crypto coins. On a more serious note, you should definitely not install weird extensions or apps for any reason.

About The Author
Aiman Maulana
Jack of all trades, master of none, but oftentimes better than a master of one. YouTuber, video editor, tech head, and a wizard of gaming. What's up? :)

Let's Discuss It Further