Recently, Google has removed malicious 49 Chrome browser extensions from its web store that pretended as cryptocurrency wallets. The extensions were caught hijacking users' wallets by containing malicious code to phish and steal sensitive information and then empty all the cryptocurrencies from the wallets.
Fortunately, the extensions have been identified by the researchers from MyCrypto and PhishFort. MyCrypto is an open-source tool to interact with the blockchain, while PhishFort sells anti-phishing protection. They believe that the extensions were potentially the work of Russian threat actors.
How does it work?
The extensions were phishing for sensitive information such as mnemonic phrases, private keys, and Keystore files, explained by Harry Denley, the Director of Security at MyCrypto. He also mentioned that the extensions would send an HTTP POST request to its backend which leads to the bad actors being able to empty the wallets once users have entered the sensitive information.
ano masasabi nyo dito mukhang nauuso nanaman yung mga hijacking ngayon. base sa kanilang suggestions wag gumamit nang browser based wallet or yung mga wallet na naka plugin sa browser. maaring gumamit lamang nang hardware wallet or stand alone wallet..
ano nanaman kaya dahilan nila ei napakababa nang market ngayon.