Installing browser extensions is practical because they can offer convenience, improve efficiency, allow personalization and customization, and even increase security. But since they only run within web browsers— outside the scope of antivirus software – it’s easy for malicious parties to make users feel a false sense of security as their data get compromised. In fact, in the first half of April alone, Google removed 49 Chrome extensions for stealing crypto wallet keys.
There are several ways that malicious authors scam unsuspecting users through browser extensions. In the example given above, the author launched a phishing attack on by posing as legitimate crypto wallets and sending sensitive information to the author. Some may be programmed to steal credentials and automatically steal crypto or fiat money when users log in to their wallets or online banks. Others gain access to authentication tokens or record sessions in the browser, allowing the authors to easily pose as the legitimate user and access their accounts and sensitive documents. Others may be legitimate extensions but may have weak security that malicious parties can take advantage of without the users and developer knowing until it is too late.
That’s not saying that most browser extensions pose high security risks – in fact, there are still many legitimate and helpful extensions available, but users will have to be vigilant and meticulous before installing anything. However, there is still a simple solution for users who to access their crypto wallets through their browsers: install a browser that will be solely used for crypto wallets and transactions. Better yet, install a browser with an integrated and secure cryptocurrency wallet – Osiris browser has a secure integrated Spyce multiwallet, which can hold its native cryptocurrency and other ERC-20 based tokens. The browser is available for mobile (Android and iOS) and Windows PC.