Security News > 2020 > May > Fake crypto-wallet extensions appear in Chrome Web Store once again, siphoning off victims' passwords

Fake crypto-wallet extensions appear in Chrome Web Store once again, siphoning off victims' passwords
2020-05-06 20:55

Three weeks after Google removed 49 Chrome extensions from its browser's software store for stealing crypto-wallet credentials, 11 more password-swiping add-ons have been spotted - and some are still available to download. The dodgy add-ons masquerade as legit crypto-wallet extensions, and invite people to type in their credentials to access their digital money, but are totally unofficial, and designed to siphon off those login details to crooks.

Denley provided The Register with a list of extension identifiers, previously reported to Google, and we were able to find some still available in the Chrome Web Store at time of writing.

Finlay told The Register that if Google wants to run the Chrome Web Store with few people, then they should implement systems to automatically enforce brand and trademark restrictions for the store and its ad platforms.

Google's Chrome Web Store developer agreement forbids developers from violating intellectual property rights, which probably doesn't mean much to committed law-breakers.

A week ago, Google announced yet more restrictions aimed at cleaning up the Chrome Web Store, noting "The increase in adoption of the extension platform has also attracted spammers and fraudsters introducing low-quality and misleading extensions in an attempt to deceive and trick our users into installing them to make a quick profit."


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/06/chrome_malicious_extensions/