Categories: Cyber CrimeDigital IDMalware

A malicious Chrome browser extension is stealing your digital coins

A user raised an alert on Reddit, on the presence of a malicious Chrome browser extension, on the official store, that is able to steal digital coins.

Security experts have recently observed a significant increase for the number of malicious browser extensions, malware authors are exploiting the usage of browser addons to conduct illicit activities. Today we discuss about a new browser extension of Google Chrome, dubbed Cryptsy Dogecoin (DOGE) Live Ticker, that according security community is targeting crypto currencies schema. The browser extension was designed by cyber criminals to steal Bitcoins and other crypto coins.

Malware authors with increasing frequency are targeting crypto currency users, the trend is motivated by the desirable value of the digital coins and by the simplicity to arrange malicious campaigns targeting them.

The alert was raised by user on Reddit which observed that the browser extension on the store extension include a malicious code designed to target and hijack the crypto currency transactions.

The malicious Chrome browser extension is available on the official Chrome Web store for free downloads, it was issued by “TheTrollBox” user.
“If you use any extensions in your browser, you’re vulnerable to updates which happen automatically without your knowing. This means you can be using it for weeks/months until the bad author updates the addon/extension with malicious code. It appears the author made an update today to steal Ð among other digital currencies 🙁 The extension is Cryptsy Dogecoin (DOGE) Live Ticker There is likely similar tickers for other currencies. “
The Chrome browser extension specifically targets crypto-currency community, once downloaded and installed by the user, it monitors victim’s web activity, monitoring user’s access to Cryptocurrency exchange sites such as Coinbase and MintPal. Once the browser extension detects that the victim is performing a virtual currency transaction, it silently modifies the parameter of the transaction. The malicious browser extension in fact replaces the receiving address with the one manage by the attacker.
The unpleasant experience happened to the Reddit user that promptly launched the alert after receiving confirmation from MintPal of a withdrawal made by the browser extension.
The author of the malicious Chrome browser extension has also developed 21 more similar extensions, all available in the Google Chrome Store. It is strongly suggested to review their code and anyway to track this user. The extensions are:
What can you do to protect yourself against it?
“Use Chrome without extensions whenever dealing with bitcoins online. Either start Chrome with chrome –disable-extensions, or use private mode (check carefully that all extensions are disabled in private mode).
When viewing a recipient’s bitcoin address on screen, check the source code of the page to see if it shows exactly the same address. In Chrome, press CTRL+U and look for the address. A code inspector (e.g. the one that opens by pressing F12) won’t work since it shows you the code including changes made by Javascript after having loaded the page.”

Pierluigi Paganini

(Security Affairs –  Chrome extension, malware, Bitcoin)

 

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Published by
Pierluigi Paganini
Tags: Bitcoinbrowser extensionChromecrypto currencyCybercrimedigital coinsHackingmalwarevirtual currency
10 years ago

Recent Posts

U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity

The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…

52 mins ago

A cyber attack paralyzed operations at Synlab Italia

A cyber attack has been disrupting operations at Synlab Italia, a leading provider of medical…

2 hours ago

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler…

12 hours ago

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

A financially motivated group named GhostR claims the theft of a sensitive database from World-Check…

19 hours ago

Windows DOS-to-NT flaws exploited to achieve unprivileged rootkit-like capabilities

Researcher demonstrated how to exploit vulnerabilities in the Windows DOS-to-NT path conversion process to achieve…

22 hours ago

A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites

Japan's CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads…

1 day ago

This website uses cookies.