Malicious Chrome Browser Extension Hijacks CryptoCurrency and Online Wallets
Although the number of malicious browser extensions has increased significantly in the past years, a new Google Chrome extension is allegedly targeting cryptocurrency users and is capable of silently stealing Bitcoins and other crypto coins.

The malicious Chrome browser extension, dubbed ‘Cryptsy Dogecoin (DOGE) Live Ticker’, is available on the Chrome Web Store as a free download and was developed by the "TheTrollBox" account. A Reddit user noticed that the updated version of the extension contains malicious code, which is designed to hijack cryptocurrency transactions.

HOW CHROME EXTENSION STEALS CRYPTOCURRENCY
Crypto-related extensions of this kind are obviously downloaded only by users who deal with digital currency. So, once a user installs the malicious extension, the software within the extension starts monitoring the user's web activity and watches for visits to cryptocurrency exchange sites such as Coinbase and MintPal.

After detecting that the user is performing a transaction in digital coins, the malicious extension replaces the receiving address, to which the user is trying to transfer cryptocurrency, with a different BTC address of its own (the attacker's bitcoin address).
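
The address swap described above requires that the extension can run code on exchange pages, which is visible in its manifest. The following is an added example, not code from the extension or from the original article: it audits a Chrome extension manifest for match patterns that cover exchange hosts. The hostnames, function names and both sample manifests are constructed assumptions.

```javascript
// Exchange hosts to protect. The article names Coinbase and MintPal; the exact
// hostnames here are assumptions, so list the sites you actually use.
const WATCHED_HOSTS = ["www.coinbase.com", "www.mintpal.com"];

// True if a Chrome match pattern (scheme://host/path) covers an http(s) host.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/([^/]+)\/.*$/.exec(pattern);
  if (!m) return false; // API permission such as "tabs", or a non-web scheme
  const patHost = m[2];
  if (patHost === "*") return true;
  if (patHost.startsWith("*.")) {
    const base = patHost.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return host === patHost;
}

// List every manifest entry that lets the extension touch a watched host.
function auditManifest(manifest, watched = WATCHED_HOSTS) {
  const entries = [];
  for (const cs of manifest.content_scripts || [])
    for (const p of cs.matches || []) entries.push(["content_scripts", p]);
  for (const key of ["permissions", "host_permissions"])
    for (const p of manifest[key] || [])
      if (typeof p === "string") entries.push([key, p]);
  const findings = [];
  for (const [field, pattern] of entries) {
    const hosts = watched.filter((h) => patternCoversHost(pattern, h));
    if (hosts.length > 0) findings.push({ field, pattern, hosts });
  }
  return findings;
}

// Constructed sample: a price ticker that injects a script into every page.
const SAMPLE_TICKER = {
  name: "Sample ticker (constructed)",
  permissions: ["tabs", "https://api.example.com/*"],
  content_scripts: [{ matches: ["*://*/*"], js: ["inject.js"] }],
};
// Constructed sample: a ticker that only fetches prices from its own API host.
const SAMPLE_API_ONLY = {
  name: "Sample API-only ticker (constructed)",
  permissions: ["https://api.example.com/*"],
};

for (const m of [SAMPLE_TICKER, SAMPLE_API_ONLY])
  console.log(m.name, JSON.stringify(auditManifest(m)));
```

A price ticker has no need for access to exchange pages, so any finding for such an extension is a reason to inspect or remove it.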

The same happened to a Reddit user, who was alerted to this activity by a withdrawal confirmation from the cryptocurrency exchange MintPal. He then posted a warning about the rogue extension on Reddit, advising all to “Be careful of what you install on your devices you use to access your wallets.”

OTHER CHROME EXTENSIONS FROM SAME DEVELOPER
TheTrollBox, the developer of the malicious 'Cryptsy Dogecoin (DOGE) Live Ticker' Chrome extension, has also developed 21 more similar extensions, which are currently available on Google Chrome Store. These Chrome extensions could also contain malicious code, and Google has not taken any action against the reported Chrome extensions.

If you have installed any of the following extensions, then you should remove them as soon as possible:

MALWARE vs DIGITAL COINS
As business has moved to greater use of mobile and non-Windows computers, cyber criminals have adapted their techniques to monetize their efforts. Due to an increase in the value of digital coins, cyber criminals have added them to their watchlist and are making every effort to steal your virtual money.

We have seen Android malware distributed by cyber criminals on the Google Play store, carrying hidden Coinkrypt malware, which had the capability to turn your mobile device into a cryptocurrency miner, and cyber criminals spreading malware through home appliances in order to mine virtual currencies. Now they have started modifying software extensions with malicious code to grab users' digital coins.

PROTECT YOUR WALLETS
Users are advised to choose a cryptocurrency exchange or wallet service that enables two-factor authentication for a high level of security for their virtual wallets, as two-factor authentication requires more than one device, which will decrease the chances of malware modifying your transactions.
