InsideBitcoins.com

Chrome Extension Discovered To Steal Crypto-Wallets’ Private Keys

Recently, an extension in Google Chrome has been caught injecting malicious JavaScript code on web pages. This code allows the extension to steal various passwords and private keys from the internet user’s Bitcoin wallets and cryptocurrency portals.

Badly Named with Bad Intents

The extension is rather tastelessly named Shitcoin Wallet, holding an extension ID of ckkgmccefffnbbalkmbbgebbojjogffn. The extension launched last month, or rather last year, on the 9th of December, 2019.

In the introductory blog post for this extension, the group behind it describes Shitcoin Wallet as a wallet that allows users to buy Ethereum coins and manage them properly. Coupled with this, Shitcoin Wallet supports ERC20-based tokens as well, the kind of tokens usually doled out by way of Initial Coin Offerings or ICOs.

Very Convenient, But Tarnished

Had it only been benign, this Chrome extension would have served an instrumental purpose. Users could install the extension and manage both ETH and its ERC-20 coins within their own web browser. Furthermore, users could install a desktop app for Windows should they wish to manage their funds outside the bounds of a browser’s higher-risk environment.

Things started to fall apart afterward, with Harry Denley being the instigator of the collapse. Denley is the Director of Security at the MyCrypto platform and discovered that the extension held malicious code inside it. It seems nothing can just be for the good of all humanity.

Denley explained that the extension was dangerous in two significant ways. The first was that any funds managed directly within the extension were at risk. This is because the extension sends the private keys of any and all wallets managed or created within its interface to a third-party website, located at the address erc20wallet[.]tk.

The second key issue is that the extension actively injects JavaScript code whenever a user navigates to five popular and well-known cryptocurrency management platforms. With the malicious code injected, the extension steals the private keys and login details of those platforms as well, sending them to the same third-party website.

Step By Step

A detailed analysis of the code shows the process, step by step. First, the user installs the extension, which then requests permission to inject more JavaScript code on 77 websites. When one of these 77 websites is accessed, the extension loads and then injects another JavaScript file from https://erc20wallet[.]tk/js/content_.js. This file contains obfuscated code that activates on five other websites: MyEtherWallet.com, Idex.Market, Binance.org, NeoTracker.io, and Switcheo.exchange. This code, in turn, logs private keys and login information that a user creates, sending them to the third-party website.
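
As an added example (not code from the article or from Denley's analysis), the following Node.js script triages an unpacked extension for the signals described above: the reported extension ID, a wide injection scope, and script URLs that point outside the package. The function names, the host threshold and the sample manifest and source are assumptions constructed for illustration.

```javascript
// Indicators reported in the article, stored defanged and refanged only for matching.
const IOC_EXTENSION_IDS = ["ckkgmccefffnbbalkmbbgebbojjogffn"];
const IOC_DOMAINS = ["erc20wallet[.]tk"];
const refang = (s) => s.replace(/\[\.\]/g, ".");

// Hosts the extension may touch: content_scripts[].matches plus host permissions.
function injectionHosts(manifest) {
  const patterns = [
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
  ];
  const hosts = new Set();
  for (const p of patterns) {
    if (p === "<all_urls>") { hosts.add("*"); continue; }
    const m = /^(?:\*|https?):\/\/([^/]+)\//.exec(p); // skips API names like "storage"
    if (m) hosts.add(m[1].toLowerCase());
  }
  return hosts;
}

// Absolute script URLs in packaged source: code fetched at run time, not shipped in the package.
const remoteScriptUrls = (src) => src.match(/https?:\/\/[^\s"'`)]+\.js\b/gi) || [];

function auditExtension(id, manifest, sources, hostThreshold = 10) { // threshold is an assumption
  const findings = [];
  if (IOC_EXTENSION_IDS.includes(id)) findings.push({ rule: "known-bad-id", detail: id });
  const hosts = injectionHosts(manifest);
  if (hosts.has("*") || hosts.size >= hostThreshold)
    findings.push({ rule: "broad-injection-scope", detail: `${hosts.size} host patterns` });
  const badDomains = IOC_DOMAINS.map(refang);
  for (const [file, src] of Object.entries(sources)) {
    for (const url of remoteScriptUrls(src)) {
      let host;
      try { host = new URL(url).hostname.toLowerCase(); } catch { continue; }
      findings.push({ rule: "remote-script-load", detail: `${file}: ${host}` });
      if (badDomains.some((d) => host === d || host.endsWith("." + d)))
        findings.push({ rule: "known-bad-domain", detail: host });
    }
  }
  return findings;
}

// Constructed sample input, not the real extension's files.
const sampleManifest = {
  content_scripts: [{ matches: Array.from({ length: 12 }, (_, i) => `https://site${i}.example/*`) }],
  permissions: ["storage"],
};
const sampleSources = { "content.js": `const next = "https://${refang(IOC_DOMAINS[0])}/js/content_.js";` };
console.log(auditExtension(IOC_EXTENSION_IDS[0], sampleManifest, sampleSources));
```

A remote-script-load finding on its own is worth a manual look even when the domain is not a known indicator, since the fetched file can change after the extension is installed.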


      A journalist, with experience in web journalism and marketing. Ali holds a master's degree in finance and enjoys writing about cryptocurrencies and fintech. Ali’s work has been published on a number of cryptocurrency publications.