Delete these Google Chrome extensions now, or risk having your money stolen

(Image credit: Shutterstock)

Google has removed 49 malicious Chrome extensions from its Web Store following concerns that they were stealing cryptocurrency.

As reported by ZDNet, the malicious extensions all posed as cryptocurrency wallet apps but were actually stealing private keys to crypto-wallets as well as users' cryptocurrency.

The extensions were uncovered by MyCrypto's director of security Harry Denley, who noted that all 49 offerings appear to have been created by either the same person or group of people, believed to be a Russian-based threat actor. Additionally all of the extensions have the same functionality but their branding changes based on who they are targeting.

Denley was able to identify malicious extensions impersonating many well known crypto-wallet apps including Ledger, Trexor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus and KeepKey.

Malicious crypto-wallet extensions

All of the 49 malicious extensions function almost identically to legitimate ones except for the fact that any data entered by a user while setting them up was sent to the attacker's servers or to a Google Form.

While the attackers already have all of the information they need to start stealing users' cryptocurrency, Denley conducted a test in which he found that the funds from his crypto-wallet were not immediately stolen. He believes this is because the threat actor is either interested in only stealing from high-value targets or they haven't figured out how to automate the operation and need to manually access each account.

In a Medium post, MyCrypto explained that there has been an increase in malicious extensions targeting cryptocurrency over the past few months, saying:

“An analysis from our dataset suggests the malicious extensions started to hit the store slowly in February 2020, increased releases through March 2020, and then rapidly released more extensions in April 2020. This means that either our detection is getting much better, or that the number of malicious extensions hitting browser stores to target cryptocurrency users is growing exponentially. An analysis from our dataset suggests Ledger is the most targeted brand — without speculating, it’s hard to say why.”

Since the threat actor behind these malicious extensions has yet to be caught, they may likely try to launch a similar scheme in the future.

Via ZDNet

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.