April 16, 2020 – 49 cryptocurrency phishing extensions on Chrome was removed by Google after it received a report about these extensions’ phishing activity.
The report was made by Harry Denley of the crypto wallet company MyCrypto. According to him, his startup has kept an eye on any type of attack that comes to crypto users on a daily basis and then write about it to educate the community.
Mr. Denley said they have noticed an increase in campaigns that push for fake browser extensions via Google Ads. Based on their research, these are the brands that have been targeted by malicious extensions:
The extensions are phishing for secret mnemonic phrases, private keys, and keystore files. These are important items that keep a person’s crypto wallet safe. If these extensions successfully make the user give their phrases, keys, or files, the “bad actors” will receive them who will then proceed to empty the users’ accounts.
The research revealed that the majority of the phishing extensions are from the same bad actors or groups.
The extensions have “good reviews” on the Google Chrome Web Store. Some of these reviewers have the same reviews (copypasted), while there are other commenters who were warning the others not to install the extensions.
Furthermore, the analysis confirms that these dubious extensions started appearing on the Google Chrome Web Store beginning in February 2020, with a rapidly increasing release of extensions from March to April 2020. Mr. Denley said it’s either their detection of such things are getting better, or just that malicious extensions targeting crypto users are “growing exponentially”.
Furthermore, they tried becoming victims by sending their keys, however, their funds were not automatically swept. Mr. Denley said this could mean that the bad actors are only interested in accounts that have high value or that the bad actors need to manually sweep accounts.
Lastly, Mr. Denley said his team at MyCrypto and Anti-Phishing firm PhishFort reported their findings to Google, which removed the extensions within 24 hours. Here are some tips to avoid becoming a victim of crypto phishing browser extensions:
- Know what permissions you are giving to the extension you are installing and understand the risk involved. Remove the extension if you think the permissions it is asking is beyond the scope of the extension’s use.
- Limit extensions to only execute on certain domains whenever you click the extension icon.
- Consider creating a separate browser that you use only for cryptocurrency-related activity.
This article is published on BitPinas: Google Removes Crypto Data-Stealing Phishing Extensions