TOP > News > Google Removes Crypto Data-Stealing Phishing Extensions
April 16, 2020 Published

49 cryptocurrency phishing extensions on Chrome was removed by Google after it received a report about these extensions’ phishing activity.

April 16, 2020 – 49 cryptocurrency phishing extensions on Chrome was removed by Google after it received a report about these extensions’ phishing activity.

The report was made by Harry Denley of the crypto wallet company MyCrypto. According to him, his startup has kept an eye on any type of attack that comes to crypto users on a daily basis and then write about it to educate the community.

Mr. Denley said they have noticed an increase in campaigns that push for fake browser extensions via Google Ads. Based on their research, these are the brands that have been targeted by malicious extensions:

  • Ledger
  • Trezor
  • Jaxx
  • Electrum
  • MyEtherWallet
  • MetaMask
  • Exodus
  • KeepKey

The extensions are phishing for secret mnemonic phrases, private keys, and keystore files. These are important items that keep a person’s crypto wallet safe. If these extensions successfully make the user give their phrases, keys, or files, the “bad actors” will receive them who will then proceed to empty the users’ accounts.

The research revealed that the majority of the phishing extensions are from the same bad actors or groups.

The extensions have “good reviews” on the Google Chrome Web Store. Some of these reviewers have the same reviews (copypasted), while there are other commenters who were warning the others not to install the extensions.

Furthermore, the analysis confirms that these dubious extensions started appearing on the Google Chrome Web Store beginning in February 2020, with a rapidly increasing release of extensions from March to April 2020. Mr. Denley said it’s either their detection of such things are getting better, or just that malicious extensions targeting crypto users are “growing exponentially”.

Furthermore, they tried becoming victims by sending their keys, however, their funds were not automatically swept. Mr. Denley said this could mean that the bad actors are only interested in accounts that have high value or that the bad actors need to manually sweep accounts.

Lastly, Mr. Denley said his team at MyCrypto and Anti-Phishing firm PhishFort reported their findings to Google, which removed the extensions within 24 hours. Here are some tips to avoid becoming a victim of crypto phishing browser extensions:

  1. Know what permissions you are giving to the extension you are installing and understand the risk involved. Remove the extension if you think the permissions it is asking is beyond the scope of the extension’s use.
  2. Limit extensions to only execute on certain domains whenever you click the extension icon.
  3.  Consider creating a separate browser that you use only for cryptocurrency-related activity.

Sources: Cointelegraph, MyCrypto

This article is published on BitPinas: Google Removes Crypto Data-Stealing Phishing Extensions

About BitPinas:

BitPinas is an independent blockchain, finance, and cryptocurrency news site covering the crypto and blockchain news and developments in the Philippines. We aim to be the website where you can find all information on blockchain and crypto in the Philippines. We are read by investors and enthusiasts alike, including crypto/blockchain company founders and government personnel. Contact for more information, consulting advice, and partnerships. Follow us on Facebook and Twitter.

Contact and Subscribe to BitPinas:

  • Subscribe to our newsletter delivered every Monday, Friday, or when there’s breaking news you need to read on your email.
  • Join BitPinas on Telegram
  • Follow on Facebook and Twitter for the latest news and updates
  • Disclaimer: All articles on BitPinas must be treated as not an investment adviceReaders are encouraged to do their own research. This website is not responsible for any loss incurred by the reader, nor will it take credit for their gains.
  • For news tips, partnership discussions, or press release submissions, please send to

Leave a Reply