Badly Named with Bad Intents
The extension is rather tastelessly named Shitcoin Wallet and has the extension ID ckkgmccefffnbbalkmbbgebbojjogffn. It launched last month, or rather last year, on the 9th of December, 2019.
In the introductory blog post for this extension, the group behind it describes Shitcoin Wallet as a wallet that allows users to buy Ethereum coins and manage them properly. Shitcoin Wallet also supports ERC20-based tokens, the kind usually doled out by way of Initial Coin Offerings or ICOs.
Very Convenient, But Tarnished
Had it been benign, this Chrome extension would have served a useful purpose. Users could install the extension and manage both ETH and ERC-20 tokens within their own web browser. Furthermore, users can install a desktop app for Windows should they wish to manage their funds outside the bounds of a browser's higher-risk environment.
Things started to fall apart afterward, with Harry Denley being the instigator of the collapse. Denley is the Director of Security at the MyCrypto platform and discovered that the extension held malicious code inside it. It seems nothing can just be for the good of all humanity.
Denley explained that the extension was dangerous in two significant ways. The first was that any funds managed directly within the extension were at risk. This is because the extension sends the private keys of any and all wallets managed or created within its interface to a third-party website, located at the address erc20wallet[.]tk.
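A defender's check for the two indicators named above, as an added example that is not from the article or from Denley: it looks for the extension ID in a Chrome user-data directory and filters log lines for the receiving domain. The `<profile>/Extensions/<id>/<version>/` layout is Chrome's standard one; the function names, the sample profile tree and the log lines are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Indicators as given in the article (the domain appears there defanged).
EXTENSION_ID = "ckkgmccefffnbbalkmbbgebbojjogffn"
EXFIL_DOMAIN = "erc20wallet.tk"
CONSTRUCTED_LOG = [  # constructed proxy-log lines, not real traffic
    "10.0.0.5 POST https://erc20wallet.tk/ 200",
    "10.0.0.7 GET https://api.erc20wallet.tk/x 200",
    "10.0.0.9 GET https://noterc20wallet.tk/ 200",           # look-alike, no match
    "10.0.0.9 GET https://erc20wallet.tk.example.com/ 200",  # other domain, no match
]

def find_extension(user_data_dir, ext_id=EXTENSION_ID):
    """Return (profile, version, manifest name) for every installed copy of ext_id."""
    hits = []
    for ext_dir in sorted(Path(user_data_dir).glob(f"*/Extensions/{ext_id}")):
        for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            try:
                manifest = json.loads((version_dir / "manifest.json").read_text("utf-8"))
                name = manifest.get("name", "unknown")
            except (OSError, ValueError, AttributeError):
                name = "unknown"  # unreadable manifest: the directory is still a hit
            hits.append((ext_dir.parent.parent.name, version_dir.name, name))
    return hits

def hosts_matching_domain(log_lines, domain=EXFIL_DOMAIN):
    """Return log lines naming the domain or a subdomain of it, not look-alikes."""
    pattern = re.compile(
        r"(?<![\w-])(?:[\w-]+\.)*" + re.escape(domain) + r"(?![\w-])(?!\.[\w-])",
        re.I,
    )
    return [line for line in log_lines if pattern.search(line)]

def build_constructed_profile(root):
    """Create a constructed (fake) Chrome 'User Data' tree for the demo."""
    version_dir = Path(root) / "Default" / "Extensions" / EXTENSION_ID / "1.0_0"
    version_dir.mkdir(parents=True)
    (version_dir / "manifest.json").write_text(json.dumps({"name": "constructed sample"}))
    (Path(root) / "Profile 1" / "Extensions").mkdir(parents=True)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_extension(build_constructed_profile(tmp)))
    print(hosts_matching_domain(CONSTRUCTED_LOG))
```

On a real machine, pass the browser's own user-data directory to `find_extension` in place of the constructed tree.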
Step By Step