Google has removed 49 cryptojacking Chrome extensions from its web store that posed as authorized digital currency wallet applications. The extensions contain harmful code that steals the user’s crypto wallet private keys, mnemonic sentence and other raw private data.
According to ZDNET, the 49 cryptojacking Chrome extensions were unearthed a week ago by the Director of Security at MyCrypto, Harry Denley. According to the founder, all the malicious extensions were developed in the Russian Federation.
Moreover, the phishing extensions were distributed among cryptocurrency users as if they were the official applications of MyEtherWallet, Trezor, Ledger, Jaxx and MetaMask, among other popular cryptocurrency wallets.
Indeed, the extensions functioned in almost the same fashion as the official applications, except that they transferred the user’s information to the attackers via alternate servers or through Google Forms.
Are the 49 cryptojacking Chrome extensions targeting huge accounts?
According to the MyCrypto security researcher, the attackers don’t steal the victim’s digital assets instantly. Denley claims that he filled in the credentials of an experimental account; however, the attackers did not steal the crypto assets immediately.
As per the security researcher, the creators of the malicious extensions are either aiming for large accounts or have yet to work out how to carry out the theft effectively. Due to the nature of the majority of digital currencies, it is almost impossible to recover stolen funds.
Nevertheless, Denley stated that the attackers are actively stealing cryptocurrencies. He claims that he has linked some publicly revealed thefts to the 49 cryptojacking Chrome extensions that he has been monitoring.
Beware of other phishing extensions on the Google web store
The creator of the malicious cryptojacking extensions is still anonymous and at large. For this reason, other harmful extensions are expected to emerge in the web store over the coming weeks.
The cryptocurrency security research expert is calling for users to file reports on CryptoScamDB if they have reason to believe that Chrome extensions might be behind a potential loss of crypto or illegal wallet access. The reports will enable the extensions to be easily discovered and pulled down from the Chrome Store.