Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Chrome Security IT Technology

Google Removes 49 Chrome Extensions Caught Stealing Crypto-Wallet Keys (zdnet.com) 18

Google has removed 49 Chrome extensions from the Web Store that posed as legitimate cryptocurrency wallet apps but contained malicious code that stole crypto-wallet private keys, mnemonic phrases, and other raw secrets. From a report: The 49 extensions were discovered by Harry Denley, Director of Security at the MyCrypto platform, who shared his findings exclusively with ZDNet last week. Denley says the 49 extensions appear to have been put together by the same person/group, believed to be a Russian-based threat actor. "Whilst the extensions all function the same, the branding is different depending on the user they are targeting," Denley said. The MyCrypto security researcher says he has identified malicious extensions posing as known crypto-wallets apps such as Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey.
This discussion has been archived. No new comments can be posted.

Google Removes 49 Chrome Extensions Caught Stealing Crypto-Wallet Keys

Comments Filter:
  • So good for them on doing that, bad for them on taking months (if not years) to figure that out. Chrome extensions are proving to be a quick and easy way to install malware.
  • Stay safe (Score:4, Interesting)

    by slazzy ( 864185 ) on Tuesday April 14, 2020 @03:34PM (#59946748) Homepage Journal
    Really you need to use two browsers to stay safe, one without any plugins to stay safe for banking and important things. Use another browser for plugins which you might need... Firefox tends to have all the same plugins as chrome, personally I keep chrome plugin free and use it for important tasks - Firefox I use for web development and have some plugins.
    • Really you need to use two browsers to stay safe, one without any plugins to stay safe for banking and important things. Use another browser for plugins which you might need... Firefox tends to have all the same plugins as chrome, personally I keep chrome plugin free and use it for important tasks - Firefox I use for web development and have some plugins.

      If you do firefox -p username (use a link) it allows you to create and then start a second instance without plugins with the profile username. I only use extensions packaged by my distro and some google opt-out thing. Running unknown code just does not seem to be the right thing to do [tm].

    • I'd honestly take it a step further and keep a separate VM, especially if it's a machine that someone else might be using, particularly kids.
    • Sandboxie was just open sourced and works very well. I use it religiously.

  • I'm sure that getting their extension removed really hurt their feelings. Does that count as punishment?

  • by trawg ( 308495 ) on Tuesday April 14, 2020 @06:23PM (#59947300) Homepage

    It seems more overwhelming and confusing than the Android model, where you are presented with a screen full of confusing jargon asking for a million different permissions, that people seem to ignore anyway if it means they get the latest video sharing app. And if random exploits can read arbitrary data from anywhere in the browser which is what seems like happened here(?), it sounds even less secure. There's not a lot of technical info in the source article [medium.com] that TFA seems to be based on.

    Just had a quick look through the few Chrome extensions I have (all disabled); they mostly seem to require permissions like "Allow this extension to read and change all your data on websites you visit", which I guess is probably what these malicious extensions used to get the data they want to steal.

    Google Docs Offline has "Communicate with cooperating websites"(?!). It seems I have to go read the developer documentation to figure out what the hell this means.

    • Because the whole concept is bad.

      "Let's allow people to make programs that run in our program! What could possibly go wrong?" is bad.
      "Let's use a third party's software to provide an interface to our systems" is bad.

      The end result is: "Let's use third party software, that may or may not be secure and which is running programs from fourth parties that may or may not be able to capture data, act as an interface for our systems where customers are inputting personally identifying information, financial in

  • Seriously, who didn't see this coming?

    "Oh hey I'll just put this free app on my phone and let it do whatever it wants, what could possibly go wrong?"

  • I never figured how the crypto coin security model could possibly work in practise. The key manager is such an obvious unworkable weak point.
  • So now we're back to Chrome/Google mining for user data.

Solutions are obvious if one only has the optical power to observe them over the horizon. -- K.A. Arsdall

Working...