Google Chrome users who’ve downloaded these extensions are in serious danger

Google Chrome users have been placed on alert about a number of dangerous extensions available for the web browser. As revealed in a new post by HackRead, researchers from security firms PhishFort and MyCrypto have highlighted 49 Chrome extensions found to be engaging in malicious activity that could be putting you at risk.

These extensions pretend to be cryptocurrency wallet tools, but in fact contain malware that steals confidential information. If you’ve been relying on these small add-ons for Chrome for important financial transactions – that could leave your sensitive data at serious risk.

Details that can be stolen by the Chrome extensions include keys to private wallets and set phrases used to retrieve a lost wallet. And scammers have been using Google Adwords to help spread these fake Chrome extensions.

Researchers revealed in a blog post that these fake extensions hit the Chrome Web Store in February, with an increase in March and then a rapid spike in April.


  • Google Chrome finally gets serious competition: will YOU switch?

The study found that Ledger was the brand most targeted by these malicious extensions, with MyEtherWallet next and then Trezor. Researchers reported the affected extensions to Google and within 24 hours they were taken down.

However, if you still have the extensions installed on your machine – you’ll need to disable them yourself to ensure your data remains safe.

Discussing their findings, MyCrypto’s Harry Denley said: “We have found a range of extensions targeting brands and cryptocurrency users. Whilst the extensions all function the same, the branding is different depending on the user they are targeting.”

Denley added: “Essentially, the extensions are phishing for secrets — mnemonic phrases, private keys, and keystore files. Once the user has entered them, the extension sends an HTTP POST request to its backend, where the bad actors receive the secrets and empty the accounts.”

The MyCrypto blog piece also went provided advice for how cryptocurrency investors can stay safe when downloading extensions from the Google Chrome Web Store.

Denley advised…

• Familiarise yourself with what permissions each of your browser extensions have by going to chrome://extensions/ and clicking on the “Details” tab for each extension.

• Understand the risks associated with each permission.

• Consider removing the extension if it has permissions that you feel are out of scope of the extension use.

• Limit extensions to only execute on certain domains or when you click the extension icon in the top right corner of your browser.

• Consider creating a separate browser user that you use solely for cryptocurrency data — this will limit any attack surface scope, and a separation of concerns (personal and cryptocurrency profiles), increasing the privacy related to your cryptocurrency profile.

Source: Read Full Article