Chrome Browser Extension Ethereum Wallet Injects Malicious JavaScript To Steal Data

An Ethereum wallet known as “Shitcoin Wallet” is reportedly injecting malicious JavaScript code into open browser windows to steal data from its users.

According to Denley’s tweet, Chrome browser crypto wallet software Shitcoin Wallet is targeting Binance, MyEtherWallet and other well-known websites that handle users’ passwords and cryptocurrency private keys.

The Shitcoin Wallet Chrome extension – ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn – works by downloading a number of JavaScript files from a remote server. The code then searches for open browser windows containing webpages of exchanges and Ethereum network tools.

The code attempts to scrape data entered into those windows. Once it does, the information is sent to a remote server identified as “erc20wallet.tk,” a domain under the top-level domain belonging to Tokelau, a group of South Pacific islands that are part of New Zealand’s territory.
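The extension ID and the exfiltration domain named above can both be checked for on a workstation. The following is an added example, not code from the original article: it looks for the extension in every Chrome profile and filters DNS log lines for the domain. The function names, the sample log format and the sample log lines are assumptions constructed for illustration.

```python
import json
import re
from pathlib import Path

# Indicators quoted in the article.
EXTENSION_ID = "ckkgmccefffnbbalkmbbgebbojjogffn"
EXFIL_DOMAIN = "erc20wallet.tk"

# Constructed sample DNS log lines (the log format is an assumption).
SAMPLE_DNS_LOG = [
    "2020-01-01T10:00:01Z client=10.0.0.5 query=www.binance.com. type=A",
    "2020-01-01T10:00:02Z client=10.0.0.5 query=erc20wallet.tk. type=A",
    "2020-01-01T10:00:03Z client=10.0.0.7 query=erc20wallet.tk.example.com. type=A",
    "2020-01-01T10:00:04Z client=10.0.0.9 query=API.ERC20Wallet.tk type=A",
    "2020-01-01T10:00:05Z client=10.0.0.9 query=noterc20wallet.tk type=A",
]

def find_extension(user_data_dir, ext_id=EXTENSION_ID):
    """Return one record per Chrome profile/version where ext_id is installed."""
    hits = []
    # Chrome layout: <user-data-dir>/<profile>/Extensions/<id>/<version>/manifest.json
    pattern = f"*/Extensions/{ext_id}/*/manifest.json"
    for manifest in Path(user_data_dir).glob(pattern):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            data = {}  # unreadable manifest: presence alone is still a finding
        hits.append({
            "profile": manifest.parts[-5],
            "version": manifest.parts[-2],
            "permissions": data.get("permissions", []),
        })
    return sorted(hits, key=lambda h: (h["profile"], h["version"]))

def lines_contacting_domain(log_lines, domain=EXFIL_DOMAIN):
    """Return lines naming the domain or a subdomain, ignoring lookalikes."""
    pat = re.compile(
        r"(?<![\w.-])(?:[\w-]+\.)*" + re.escape(domain) + r"(?![\w-])(?!\.[\w-])",
        re.IGNORECASE,
    )
    return [line for line in log_lines if pat.search(line)]

if __name__ == "__main__":
    import sys
    for line in lines_contacting_domain(SAMPLE_DNS_LOG):
        print("DNS hit:", line)
    # Pass the Chrome user-data directory as the first argument to scan it.
    for hit in find_extension(sys.argv[1]) if len(sys.argv) > 1 else []:
        print("Extension installed:", hit)
```

The domain match is anchored on label boundaries, so `noterc20wallet.tk` and `erc20wallet.tk.example.com` in the sample are not reported.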

Shitcoin Wallet stealing user data may sound similar to recent incidents including Apple threatening to unlist Coinbase’s mobile DApp browser from its app store and Google removing Ethereum wallet app MetaMask from its Google Play App Store last week. Both of those instances, however, have been subject to considerable controversy due to lack of evidence of malicious conduct on the part of those apps.

A number of cryptojacking extensions were found on the Google Chrome web store last year. According to a recent report from McAfee Labs, cryptojacking, which occurs when a user’s computing device is secretly used to mine cryptocurrency, has been on the rise, up 29% in Q1 2019.
