Security News > 2020 > April > 49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies.
"Essentially, the extensions are phishing for secrets - mnemonic phrases, private keys, and keystore files," explained Harry Denley, director of security at MyCrypto.
All the extensions functioned alike, the only difference being the cryptocurrency wallet brands that were impacted - such as Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey - via 14 unique command-and-control servers that received the phished data.
Data stealing extensions have been a regular occurrence on the Chrome Web Store, leading Google to purge them as soon as they're discovered.
Back in February, the company removed 500 malicious extensions after they were caught serving adware and sending users' browsing activity to C2 servers under the control of attackers.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/n_qcjIqhu2c/chrome-cryptocurrency-extensions.html
Related news
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- MassJacker malware uses 778,000 wallets to steal cryptocurrency (source)
- New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)