Chrome Extension Stealing Cryptocurrency Keys and Passwords

by
janrinok
from SoylentNews on (#4XH6W)

upstart writes in with an IRC submission for SoyCow1337:

A malicious Chrome extension surreptitiously steals Ethereum keys and passwords:

A Google Chrome extension was caught injecting JavaScript code on web pages to steal passwords and private keys from cryptocurrency wallets and cryptocurrency portals.

The extension is named Shitcoin Wallet (Chrome extension ID: ckkgmccefffnbbalkmbbgebbojjogffn), and was launched last month, on December 9.

According to an introductory blog post, Shitcoin Wallet lets users manage Ether (ETH) coins, but also Ethereum ERC20-based tokens -- tokens usually issued for ICOs (initial coin offerings).

Users can install the Chrome extension and manage ETH coins and ERC20 tokens from within their browser, or they can install a Windows desktop app, if they want to manage their funds from outside a browser's riskier environment.

However, the wallet app wasn't what it promised to be.

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments