New revelations by crypto-oriented cybersecurity experts show that many hackers are going phishing in Google Chrome’s browser stream.
In a Medium post yesterday, Harry Danley, who runs security over at the MyCryptoWallet operation, details how he got no less than 49 Google Chrome extensions removed from the platform after identifying phishing tools targeting a spectrum of wallets including those made by Ledger, Trezor and KeepKey.
Denley specifies that these extensions illegitimately asked users to enter “mnemonic phrases, private keys and key store files” that then went to thieves who took cryptocurrencies out of the wallets.
“We have found a range of extensions targeting brands and cryptocurrency users,” Denley writes. “Whilst the extensions all function the same, the branding is different depending on the user they are targeting.”
Denley also found that hackers had registered a collection of new domains in order to spoof legitimate tools. In a detailed explanation, he chronicles how many of these fake extensions present a seemingly legitimate face, but stop functioning after the critical information is entered, leading users to think that there’s something wrong with the application and abandoning it without a second thought.
“(The spoof) looks the same as your typical MyEtherWallet experience until you type in your secrets,” Denley writes. “After you’ve submitted them, the malicious application sends your secrets back to the server controlled by the bad actor(s) before sending you back to the default view, and then does nothing…”
This kind of phishing is extremely sophisticated and hard to stop. Removing the extensions is the best way to protect users, but what about any others that are still operating under the radar?
Think about these issues if you have cryptocurrency assets in wallets, and consider how various types of independent cold storage can help make an end run around these chilling cyberattacks.
