Malicious extensions for the Chrome browser continue to spring up just as quickly as the search giant cuts them down. This month, another 22 Google Chrome web browser extensions built to steal their user’s cryptocurrencies.
22 Google Chrome web browser extensions tried to steal users’ cryptocurrencies
Before, Google deleted 49 malicious Chrome extensions from the Chrome Web Store in mid-April after security researcher Harry Denley found them phishing cryptocurrency users. The extensions impersonate Chrome extensions for legitimate cryptocurrency wallets. Still, when installed, they steal the users’ private keys and other secrets used to access digital wallets so that their authors can steal victims’ funds. Now Denley has found more.
According to Naked Security, Denley explained:
“I found new ones each day. Pastebin entry showing the original 49 he reported in April, along with another 22. The new ones impersonated the Ledger, KeepKey, MetaMask, and Jaxx wallets. The IDs on the left are extension IDs, which show up at the end of an extension’s URL when viewed in the Chrome Store.”
Google had already taken down most of the offending wallets at the time of writing, and has been generally pretty responsive, according to Denley:
“Yeah, they have been, for the majority. Actioned my reports within 24 hours.”
Google announced new rules for the Chrome Web Store
Google has acknowledged a general problem with malicious extensions and has announced new rules for the Chrome Web Store.
Google said:
We want to ensure that the path of a user discovering an extension from the Chrome Web Store is clear and informative and not muddled with copycats, misleading functionalities, or fake reviews and ratings.
The report stated:
“The rules forbid developers from publishing multiple extensions that do the same thing and prohibits misleading metadata, including anonymous user testimonials in app descriptions. Developers can’t upload extensions that exist solely to launch another app or extension, and they shouldn’t send spam notifications.”
The problem, according to Dan Finlay, the lead developer at crypto wallet company MetaMask, is that Google allows phishing ads that point to fake extensions. Initially talking about shortcomings in the company’s manual extension review process, he said:
MEANWHILE, Google _keeps on approving phishers_. The quantity of impostor MetaMasks on the Chrome store has been growing, and apparently they all pass the manual security review. FURTHERMORE they are all allowed to buy premium Google ad space at the top of search results.
— Dan Finlay (@danfinlay) May 5, 2020
Weirdly, while Google has been quick to take down most fake cryptocurrency wallet extensions, one of the fake MetaMask extensions was still up, its listing reports 380 users.
Read more:
- Hackers Infected The Largest Private Hospital In Europe Fresenius With Crypto-Ransomware
- Bitcoin Suisse Is Raise Funding For $50 Million To Pursue Expansion Plans Moving Into The Banking Sector