Google has reportedly removed 49 Chrome extensions from the Web Store after MyCrypto Director of Security Harry Denley discovered that they were stealing crypto wallet keys. According to Denley, the extensions posed as legitimate cryptocurrency wallets but they contained malicious code that stole mnemonic phrases, wallet keys, and personal information, among others. Likewise, he said that some of the fake extensions had a network of fake users that gave them good reviews on the Web Store so that they look legitimate.
The phishing extensions look the same as a legitimate crypto wallet but do nothing when users input their keys – at least on the user’s end. However, the information that users input would be sent to the hacker who would then have the ability to access the user’s crypto wallet and steal its contents. Denley shared a video of how the malicious extensions worked.
Denley revealed that the fake extensions started showing up in the Chrome Web Store as early as February 2020 and slowly increased throughout March. Their dataset also showed that 63.26% of the extensions were published in April and some of them targeted trusted crypto wallet brands. Denley suggested that crypto owners should familiarize themselves with the extensions on their browser and what permissions they have – delete the extension if they’re not comfortable with the type and level of permission.
Another way to avoid falling victim to fake extensions is to install a separate browser that will be used solely for crypto data and wallets. Opera, for instance, is the first major browser with a native crypto wallet. Another option is Osiris browser, which also has an integrated multi cryptocurrency wallet that can safely hold secure ERC-20 based tokens.