Categories: Cyber CrimeDigital IDMalware

A malicious Chrome browser extension is stealing your digital coins

google chrome extensionsgoogle chrome extensions

A user raised an alert on Reddit, on the presence of a malicious Chrome browser extension, on the official store, that is able to steal digital coins.

Security experts have recently observed a significant increase for the number of malicious browser extensions, malware authors are exploiting the usage of browser addons to conduct illicit activities. Today we discuss about a new browser extension of Google Chrome, dubbed Cryptsy Dogecoin (DOGE) Live Ticker, that according security community is targeting crypto currencies schema. The browser extension was designed by cyber criminals to steal Bitcoins and other crypto coins.

Malware authors with increasing frequency are targeting crypto currency users, the trend is motivated by the desirable value of the digital coins and by the simplicity to arrange malicious campaigns targeting them.

The alert was raised by user on Reddit which observed that the browser extension on the store extension include a malicious code designed to target and hijack the crypto currency transactions.

The malicious Chrome browser extension is available on the official Chrome Web store for free downloads, it was issued by “TheTrollBox” user.
“If you use any extensions in your browser, you’re vulnerable to updates which happen automatically without your knowing. This means you can be using it for weeks/months until the bad author updates the addon/extension with malicious code. It appears the author made an update today to steal Ð among other digital currencies 🙁 The extension is Cryptsy Dogecoin (DOGE) Live Ticker There is likely similar tickers for other currencies. “
The Chrome browser extension specifically targets crypto-currency community, once downloaded and installed by the user, it monitors victim’s web activity, monitoring user’s access to Cryptocurrency exchange sites such as Coinbase and MintPal. Once the browser extension detects that the victim is performing a virtual currency transaction, it silently modifies the parameter of the transaction. The malicious browser extension in fact replaces the receiving address with the one manage by the attacker.
The unpleasant experience happened to the Reddit user that promptly launched the alert after receiving confirmation from MintPal of a withdrawal made by the browser extension.
The author of the malicious Chrome browser extension has also developed 21 more similar extensions, all available in the Google Chrome Store. It is strongly suggested to review their code and anyway to track this user. The extensions are:
What can you do to protect yourself against it?
“Use Chrome without extensions whenever dealing with bitcoins online. Either start Chrome with chrome –disable-extensions, or use private mode (check carefully that all extensions are disabled in private mode).
When viewing a recipient’s bitcoin address on screen, check the source code of the page to see if it shows exactly the same address. In Chrome, press CTRL+U and look for the address. A code inspector (e.g. the one that opens by pressing F12) won’t work since it shows you the code including changes made by Javascript after having loaded the page.”

Pierluigi Paganini

(Security Affairs –  Chrome extension, malware, Bitcoin)

 

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Published by
Pierluigi Paganini
Tags: Bitcoinbrowser extensionChromecrypto currencyCybercrimedigital coinsHackingmalwarevirtual currency
11 years ago

Recent Posts

Two Linux flaws can lead to the disclosure of sensitive data

Qualys warns of two information disclosure flaws in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise…

50 minutes ago

Meta stopped covert operations from Iran, China, and Romania spreading propaganda

Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread…

20 hours ago

US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator

The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major…

1 day ago

ConnectWise suffered a cyberattack carried out by a sophisticated nation state actor<gwmw style="display:none;"></gwmw><gwmw style="display:none;"></gwmw>

ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its…

1 day ago

Victoria’s Secret ‘s website offline following a cyberattack

Victoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats…

2 days ago

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a…

2 days ago