Malicious extension for Google Chrome, aimed at stealing cryptocurrency assets users, has been downloaded at least 230 times before the search giant has detected and removed it. This was stated by the researcher of cyber security problems Harry Denly in his blog.
According to Danli, the attackers sent out ERC20-token Huobi random Airdrop to Ethereum address a proposal to switch to the page allegedly created by the exchange Huobi to conduct airdrop.
When you go to the website, the user received the notification, positioned as a built-in feature of Chrome, in which he offered to download the extension called “NoCoin — Block Coin Miners” to fight with a hidden mining.
If the browser has been activated extension MetaMask, to show another notification, imitating standard MetaMask from malicious sites, but contained a link to the same extension that the original purse does not provide.
“Initially concerned that the expansion does what it should, it found several CryptoJacking scripts. The extension was attractive interface, in which it reported on the work performed,” writes the researcher.
That the extension is not reported is the fact that it is able to steal user data wallets MyEtherWallet (MEW) and Blockchain.com that is then transferred to the cyber criminals.
How long the malicious extension was available for Chrome users and what was the extent of the damage from actions of malefactors, unknown.
Discuss current news and events on the Forum