Overview-
- Google Chrome’s extension Ethereum Wallet implants a malicious JavaScript to steal data.
- Cryptocurrency wallet, named Shitcoin Wallet, seems to be targeting Binance, MyEtherWallet, and other websites that contain user credentials and other private keys to cryptocurrency.
The Google Chrome’s extension Ethereum Wallet implants a malicious JavaScript to steal user data tweets an expert of the cybersecurity and anti-phishing Henry Denley.
According to the tweet from Henry Denley, the Chrome browser’s cryptocurrency wallet called the Shitcoin Wallet is focussing on the Binance, MyEtherWallet, and other websites that contain the user credentials and other private keys to the cryptocurrency.
The extension called – ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn – works after downloading the javascript from the remote server. Once downloaded the code starts searching for the open pages of exchanges and the other Ethereum network tools and starts copying the user credential data. The data collected is then sent to a different remote server called the – “erc20wallet.tk,”. This server seems to belong to Tokelau, a group of South Pacific Islands a part of New Zealand’s territory.
Recently, Google removed the MetMask Ethereum Wallet application from the Google Play Application Store. Apple also has plans to remove Coinbase’s DApp browser from Apple’s App Store. Other incidents were also seen, such as cryptojacking, i.e., the user’s computer is used to mine the cryptocurrencies secretly.
Shitcoin Wallet is an Ethereum wallet that was introduced on December 9. The wallet has many extensions for different browsers. The wallet claims to have more than 2000 users. Recently Shitcoin Wallet also launched a desktop application that gave away 0.05 ETH to the users who downloaded the app. The users who downloaded the application are now at risk of having their data and information to be compromised.