False Crypto Wallet Extensions Again Appear in Chrome Web Store, Siphoning Victims’ Passwords • VPNOnlineFree

%1$s', sprintf( '', esc_url( get_author_posts_url( get_the_author_meta( 'ID' ) ) ), esc_attr( sprintf( __( 'View all posts by %s', 'generatepress' ), get_the_author() ) ), esc_html( get_the_author() ), get_avatar( get_the_author_meta( 'ID' ) ) ) ); $time_string = ''; if ( get_the_time( 'U' ) !== get_the_modified_time( 'U' ) ) { $time_string = $time_string . ''; } $time_string = sprintf( $time_string, esc_attr( get_the_date( 'c' ) ), esc_html( get_the_date() ), esc_attr( get_the_modified_date( 'c' ) ), esc_html( get_the_modified_date() ) ); printf( '%1$s', // WPCS: XSS ok, sanitization ok. sprintf( '%3$s', esc_url( get_permalink() ), esc_attr( get_the_time() ), $time_string ) ); if ( ! is_single() && ! post_password_required() && ( comments_open() || get_comments_number() ) ) { echo ''; comments_popup_link( __( 'Comments', 'generatepress' ), __( '1 Comment', 'generatepress' ), __( '% Comments', 'generatepress' ) ); echo ''; } ?>


Three weeks after Google removed 49 Chrome extensions from its browser’s software store to steal crypto wallet credentials, 11 more password scanners have been spotted – and some are still available for download .

Questionable add-ons disguise themselves as legitimate crypto wallet extensions and prompt people to enter their credentials to access their digital money, but are not at all official and are designed to siphon this login information from scammers .

Harry Denley, director of security at MyCrypto, who identified the previous batch of bad extensions, said The VPNOnlineFree at least eight of the latest crop of 11 imposters, masquerading as KeyKeep, Jaxx, Ledger, and MetaMask crypto-wallet software, have been removed.

Denley provided The VPNOnlineFree with a list of extension identifiers, previously reported to Google, and we were able to find some that were still available in the Chrome Web Store at the time of writing.

Dan Finlay, lead developer of MetaMask, consulted Twitter for help from Google, because “Sometimes it seems seriously that they are only optimized to respond to the outrage of social media.”

Finlay complained that Google continues to approve extensions made by phishers. “The amount of impostor meta-masks on the Chrome store has increased, and apparently they all pass the manual security review,” he said. wrote. “In addition, they are all allowed to buy premium Google advertising space at the top of search results.”

Criminal uses phone for fraud

40 million emoji-addicted keyboard app users ended up with an $ 18 million bill – after malware re-entered the Play Store


As we reported in January, the Chrome Web Store appears to be understaffed and too dependent on automation to meet the challenges it faces. In this, it is reminiscent of the Google Play Store which, for years, has struggled to keep malicious Android applications at bay.

The VPNOnlineFree We asked Google to comment, but other than being asked for more details about the suspicious extensions, we got no response.

Finlay said The VPNOnlineFree that if Google wants to run the Chrome Web Store with few people, it needs to implement systems to automatically enforce brand and brand restrictions for the store and its advertising platforms.

“I think it would be great for Google to take a stand on respecting brands in its ads, but I don't know if that goes against their business model,” he said. “I hope Google doesn't think it needs to protect phishing to stay afloat.”

Google’s advertising policy states that the company will investigate complaints from trademark owners, but only after receiving a complaint. The Google Chrome Web Store developer agreement prohibits developers from violating intellectual property rights, which probably doesn't mean much for committed violators. At the same time, it is clear that “Google is under no obligation to monitor products or their content”.

Denley said that Google appears to be unable to control the Chrome Web Store or negligent.

“I have a semi-popular Chrome extension and after each release request it takes a while for it to be approved. So if there is a manual review process, it either doesn't work as expected (and only slows down updates to popular extensions) or it's just a manual review of popular extensions, “he said. “It looks like these bad extensions are instantly approved by several different accounts.”

A week ago, Google announced more restrictions to clean up the Chrome Web Store, noting that “the increased adoption of the extension platform has also attracted spammers and fraudsters introducing extensions. poor quality and misleading in order to deceive and deceive our users by installing them to make a quick profit. “

The policy review aims to prevent developers from spamming the store with similar extensions and broadens the company's definition of abusive behavior and opinion manipulation. In January, Google locked the Chrome Web Store due to a flood of vitriolic comments.

Keep in mind that Google has made similar security improvement announcements on the Chrome Web Store every year since 2011.

Denley said that in a perfect world, owners of popular extensions would receive more attention when they report abuse, such as the appearance of an extension with the same name and brand.

“I would love to be able to get in touch with [the Chrome Web Store] team so that I can pass my CIOs [indicators of compromise] for them, although I guess the web store items related to cryptocurrency are not their priority, “he said.

Maybe someone will develop a Chrome extension that renames the Tweet button on Twitter to read “Google Support”. ®

Webcast: Build the Next Generation of Your Business in the Public Cloud


Notify of
Inline Feedbacks
View all comments