Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Crypto

A malicious Chrome browser extension is stealing your digital coins

A user raised an alert on Reddit, on the presence of a malicious Chrome browser extension, on the official store, that is able to steal digital coins. Security experts have recently observed a significant increase for the number of malicious browser extensions, malware authors are exploiting the usage of browser addons to conduct illicit activities. Today […]

google chrome extensions

A user raised an alert on Reddit, on the presence of a malicious Chrome browser extension, on the official store, that is able to steal digital coins.

Security experts have recently observed a significant increase for the number of malicious browser extensions, malware authors are exploiting the usage of browser addons to conduct illicit activities. Today we discuss about a new browser extension of Google Chrome, dubbed Cryptsy Dogecoin (DOGE) Live Ticker, that according security community is targeting crypto currencies schema. The browser extension was designed by cyber criminals to steal Bitcoins and other crypto coins.

Malware authors with increasing frequency are targeting crypto currency users, the trend is motivated by the desirable value of the digital coins and by the simplicity to arrange malicious campaigns targeting them.

The alert was raised by user on Reddit which observed that the browser extension on the store extension include a malicious code designed to target and hijack the crypto currency transactions.

malicious chrome browser extension
The malicious Chrome browser extension is available on the official Chrome Web store for free downloads, it was issued by “TheTrollBox” user.
“If you use any extensions in your browser, you’re vulnerable to updates which happen automatically without your knowing. This means you can be using it for weeks/months until the bad author updates the addon/extension with malicious code. It appears the author made an update today to steal Ð among other digital currencies 🙁 The extension is Cryptsy Dogecoin (DOGE) Live Ticker There is likely similar tickers for other currencies. “
The Chrome browser extension specifically targets crypto-currency community, once downloaded and installed by the user, it monitors victim’s web activity, monitoring user’s access to Cryptocurrency exchange sites such as Coinbase and MintPal. Once the browser extension detects that the victim is performing a virtual currency transaction, it silently modifies the parameter of the transaction. The malicious browser extension in fact replaces the receiving address with the one manage by the attacker.
The unpleasant experience happened to the Reddit user that promptly launched the alert after receiving confirmation from MintPal of a withdrawal made by the browser extension.
The author of the malicious Chrome browser extension has also developed 21 more similar extensions, all available in the Google Chrome Store. It is strongly suggested to review their code and anyway to track this user. The extensions are:
What can you do to protect yourself against it? 
“Use Chrome without extensions whenever dealing with bitcoins online. Either start Chrome with chrome –disable-extensions, or use private mode (check carefully that all extensions are disabled in private mode).
When viewing a recipient’s bitcoin address on screen, check the source code of the page to see if it shows exactly the same address. In Chrome, press CTRL+U and look for the address. A code inspector (e.g. the one that opens by pressing F12) won’t work since it shows you the code including changes made by Javascript after having loaded the page.”

Pierluigi Paganini

(Security Affairs –  Chrome extension, malware, Bitcoin)