Google has removed 22 malicious crypto wallet extensions from the Chrome extension store. These extensions were impersonating bitcoin wallets like Ledger and MetaMask. This follows the removal of 49 other malicious extensions last month.
The security firm, Sophos reported on the 50 removed Google Chrome extensions. They further reported on the additional 22 extensions on their news website, Naked Security. According to the article, Harry Denny, a security researcher at MyCrypto identified the extensions in a blog post. They were subsequently removed by Google.
According to Denley, the malicious extensions were advertised as being affiliates of MyEtherWallet, Trezor, Electrum, Ledger and Metamask. Each extension created a user experience that duped users into believing that they were using their existing wallet extensions. As a result, users inputted their private keys and mnemonic phrases, which gave the extension creators the ability to steal all funds from their wallets.
This method of phishing appears to be commonplace now. Extension creators are impersonating wallets like Ledger, KeepKey, MetaMask, and Jaxx. Google has been responsive in the removal of the fake extensions, according to Denley. Furthermore, Google created new rules.
The rules announcement in the Chrome Web Store stated:
We want to ensure that the path of a user discovering an extension from the Chrome Web Store is clear and informative and not muddled with copycats, misleading functionalities or fake reviews and ratings.
Google Chrome Web Store
In other words, Google is now prohibiting extension developers from publishing multiple extensions that appear to have the same functionality. Developers are also prohibited from uploading extensions that are designed only to launch other apps or extensions. This policy will become active on August 27, 2020.
It appears that the problem is in the way that Google reviews each new uploaded extension. This is magnified by the sheer volume of extensions being uploaded, and the number of users per extension. It’s likely, therefore, that Google may take stricter measures on how it approves new Chrome extensions.
In order to minimize being duped by malicious, fake software wallets on Chrome, you can take the following steps:
- Limit the number of browser extensions you do install
- Read reviews and feedback prior to installing a Chrome (or other browser) extension
- Check how quickly the extension developer typically responds to inquiries
- Review app permissions in Chrome by going to Settings > Extensions > Details
Dennis Consorte has an appetite for news and information about cryptocurrencies, blockchain, IoT, fintech, adtech, martech and other technologies. He also has over 20 years’ experience in digital marketing and content strategy.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.