Before we proceed with the news, it is important to be aware of a security threat plaguing some Google Chrome browsers right now. If you come across any advertisements that promote an airdrop and claim to distribute tokens for Huobi, a popular cryptocurrency exchange desk, be very cautious with them, as they may be malicious. Malicious advertisements built on this template claim to distribute popular cryptocurrencies for free or for a fraction of their original price, but actually end up emptying out your crypto wallets.
Renowned security researcher Harry Denley, the man behind the popular anti-phishing awareness database known as EtherscamDB, has recently discovered a phishing campaign that makes victims unknowingly download a malicious extension for Google Chrome. The extension is programmed to capture the private keys of all the wallets installed on the victim’s computer.
The malicious extension, called NoCoin, is very neatly built and is disguised to look like an application that blocks malicious crypto-jacking scripts. Crypto-jacking is a term used to describe maliciously taking over the processing resources of a victim’s computer to mine cryptocurrencies. Hackers target thousands of insecure computers at a time, crypto-jacking them so that they mine cryptocurrencies on the hackers' behalf. NoCoin looks very similar to the popular crypto-jacking blocker extension known as MinerBlock.
To make things look even more authentic, the hackers developed a fake ERC20 token called Huobi. Even though the website presents itself as an airdrop platform for the token, it makes users download the malicious extension. The malicious scripts in the extension target Blockchain.com and MyEtherWallet users.
According to the screenshots provided by Harry Denley, the extension was downloaded by 230 users. Google has taken action against the extension and removed it from the extension store of Google Chrome.
Phishing is a very common and very effective hacking technique which, if played right, can give the hacker access to almost every single personal detail of the victim. In simple terms, a phishing attack is carried out by taking the victim to a webpage or a login screen that the victim recognizes and trusts. The screen or webpage is programmed on the backend to send the data entered by the user to the hacker. For instance, hackers can modify Facebook’s login page so that it looks exactly the same but sends the user input to a different destination. The only protection against phishing attacks is awareness and cautiousness while you are on the internet.
This incident isn’t the first time Google’s defenses have let malicious code get past them. An investigation conducted by TheNextWeb’s Hard Fork revealed that a considerable number of crypto malware applications were being hosted on the Google Play Store. Google only removes these malicious applications when a public outcry occurs. Unfortunately, a few people are already affected by these applications before the tech giant decides to take action against them.