Google distributed malicious Chrome app designed to steal your cryptocurrency

Be wary if you come across ads that promote an airdrop, distributing tokens for popular cryptocurrency exchange desk Huobi: the offer might be fake, and you might be getting swooped into an elaborate ploy designed to steal your coins.

Security researcher Harry Denley, who maintains popular anti-phishing database EtherscamDB, has unearthed a phishing campaign that tricks victims into downloading a malicious Chrome extension, programmed to get a hold of your wallet‘s private keys.

What makes the attack vector particularly sneaky is that the Chrome extension – called NoCoin – was disguised as an app to block surreptitious cryptocurrency mining (also known as crypto-jacking). Indeed, the malicious extension looks pretty much identical to popular crypto-jacking blocker, MinerBlock.

Credit: MyCrypto

To get users to download the infected extension, the hackers built a fake ERC20 token named after Huobi. The token was distributed via a website, which despite claiming to be an airdrop platform, invited visitors to download the malicious app.

Once installed, the fake mining blocker targeted users of wallet solutions MyEtherWallet and Blockchain.com.

The malicious extension had been downloaded by at least 230 users, according to screenshots provided by Denley. Fortunately, Google has since wiped it from the Chrome Web Store.

For the record, this isn’t the first time hackers have managed to sneak malware past Google’s defensive mechanisms. Last year, an investigation by Hard Fork found Google hosted a disturbing amount of cryptocurrency malware on its Android software distribution platform Google Play.

For those interested in a closer look at the elaborate phishing scam, Denley has detailed it in a Medium post here.

Did you know? Hard Fork has its own stage at TNW2019, our tech conference in Amsterdam. Check it out.

Published March 15, 2019 — 11:45 UTC

Mix

Mix

March 15, 2019 — 11:45 UTC

Read More

Did you like this?
Tip Cryptos UK with Cryptocurrency

Donate Bitcoin to Cryptos UK

Scan to Donate Bitcoin to Cryptos UK
Scan the QR code or copy the address below into your wallet to send some bitcoin:

Donate Bitcoin Cash to Cryptos UK

Scan to Donate Bitcoin Cash to Cryptos UK
Scan the QR code or copy the address below into your wallet to send bitcoin:

Donate Ethereum to Cryptos UK

Scan to Donate Ethereum to Cryptos UK
Scan the QR code or copy the address below into your wallet to send some Ether:

Donate Litecoin to Cryptos UK

Scan to Donate Litecoin to Cryptos UK
Scan the QR code or copy the address below into your wallet to send some Litecoin:

Donate Monero to Cryptos UK

Scan to Donate Monero to Cryptos UK
Scan the QR code or copy the address below into your wallet to send some Monero:

Donate ZCash to Cryptos UK

Scan to Donate ZCash to Cryptos UK
Scan the QR code or copy the address below into your wallet to send some ZCash:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.