Skip to main content

Google blocks 49 malicious Chrome extensions

(Image credit: Image Credit: Earl Jeffson / Flickr)

Google has removed a selection of malicious Chrome extensions from its Web Store  that aimed to steal cryptocurrency wallet keys from users.

According to a ZDNet report, the offending extensions were first spotted by cybersecurity researchers from MyCrypto and PhishFort.

“The extensions are phishing for secrets — mnemonic phrases, private keys, and keystore files," explained Harry Denley, Director of Security at MyCrypto, in a blog post.

"Once the user has entered them, the extension sends an HTTP POST request to its backend, where the bad actors receive the secrets and empty the accounts."

According to Denley, the extensions targeted users of a number of popular cryptocurrency wallets, including Ledger, Trezoe, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeyKeep.

The data harvested was funneled to 14 command-and-control servers in Russia, which Denley believes all belong to the same cybercriminal syndicate.

The reviews attached to the extensions - which were propped up by phoney five-star ratings - reveal users attempted to warn others of the threat.

This is not the first time the Chrome Web Store has hosted malicious extensions - Google cleared out more than 500 extensions in February alone.