Topic: FAKE BROWSER EXTENSIONS TARGETING YOUR LEDGER, TREZOR, METAMASK WALLETS. (Read 246 times)

member
Activity: 882
Merit: 17
I wish people can continue to understand that daily, new methods of hacking are being targeted at internet users. In such cases everyone should always know the latest update of the wallet extensions being used. Most times, these hackers successfully maneuvered the real but applications. Always remember to update your browser to stay up to date on current extensions.
hero member
Activity: 2520
Merit: 952
Aside from resetting browser, use adblocker to get rid of ads.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
Google just recently took down 49 Crypto-Stealing Chrome Extensions from Google's Store. Many of these were publicized through Google Ads (nice tightly-coupled ecosystem here), which kind of led to the thread being pulled, whereas that is not often going to be the case, and they will be placed and replaced on the store without too much effort.

The article sounds like a "big" bust, but it's probably a one-off, or a once-in-a-while type of bust, being the greater part dealt by individuals reporting them, and thus, after someone likely has gone and installed the extension to act in all its splendour.

Interestingly enough, the above linked article points to the basis of the bust being PhishFort, who highlight the modus operandi of these crooked extensions (see https://www.phishfort.com/blog/chrome-extension-phishing). Most of those 49 extensions seemed to be run by the same guy/group, who would send the phished data to a common set of backends and/or a Google Docs form. Ledger was the most targeted type of wallet (57% of the 49 reported extensions). A drop in the ocean probably ...
legendary
Activity: 2268
Merit: 18748
Do we have a depository thread that shows or provides a consolidated and updated list of all suspected or confirmed fake browser extensions (targeting your crypto), that's been verified by bitcointalk users?
Such a list would be irrelevant and almost immediately inaccurate.

First of all, there is no way to possibly list every malicious browser extension. There are far too many. Listing all the confirmed malicious ones would lead to newbies getting a false sense of security when installing one which isn't on that list.

Secondly, keeping such a list up to date would be similarly impossible. There are plenty of examples of software, apps, extensions, add-ons, etc. which started out honest, and after they had been downloaded enough times, the developer quietly pushed a malicious update which was auto-downloaded on to thousands of devices. There are also plenty of examples of developers adding malicious code to various libraries or dependencies which honest software will pull from.

Your default position should be that every browser extension is potentially malicious and poses a risk to both you, your data, and your cryptocurrency. You should only be using open source extensions which are absolutely necessary, such as uBlock Origin and HTTPS Everywhere. The vast majority of browser extensions are simply unnecessary.
legendary
Activity: 2170
Merit: 1789
I don't recall threads like that (or maybe missed it). You can create it if you want to, but I doubt it will be effective. Sometimes it will get ignored and the irresponsible OP will say "sorry I didn't know somebody posted it before" or point out a very small difference on the content that doesn't actually matter at all. Just because they want to get more attention by creating new topics.
newbie
Activity: 9
Merit: 0
Do we have a depository thread that shows or provides a consolidated and updated list of all suspected or confirmed fake browser extensions (targeting your crypto), that's been verified by bitcointalk users?

If not, maybe we could create one by simply combining other threads of the same topic, just to simplify the consolidated info if that's possible.
legendary
Activity: 3080
Merit: 1353
Someone already shared it here, Fake Electrum, MEW and MetaMask. Lately though, it looks like cyber criminals are targeting Chrome Web Store extensions, so everyone should be careful. If you found someone, just simply report it so that you can stop it from harming crypto enthusiasts, especially newbies. Also you can install AdBlock or uBlock.
hero member
Activity: 2128
Merit: 532
Sorry, but don't we have like more than a dozen topics concerning browser extension scams already? At this point it's getting super redundant that people are pretty much creating the same topics over and over again for the sake of merits.

Touché. As if we don't have other non-crypto scams to worry about.
full member
Activity: 218
Merit: 105
The Nomad
Sorry, but don't we have like more than a dozen topics concerning browser extension scams already? At this point it's getting super redundant that people are pretty much creating the same topics over and over again for the sake of merits.
hero member
Activity: 2338
Merit: 757
Great topic. Thank you OP for sharing the info.
It's important to know that browser extensions in general are not that safe if you use the navigator to access or manage your crypto wallet or if you use the same device to store crypto and use it for daily tasks.
I would always recommend managing funds on an offline device or on an independent one. A separate device for crypto dealings is safer than to think about just a separate navigator on the same device.
member
Activity: 154
Merit: 10
It is important to note that hackers are trying every possible means to steal your cryptocurrencies. Apart from the regular exchanges that have been major targets for them, there are other means of getting access to your cryptocurrencies without your permission. Different attacks keep increasing toward crypto users, from bi-literal trading scams to SIM hijacking, and it is not stopping.

Another means of stealing funds being perpetrated by these hackers includes creating a fake browser extension.
FAKE BROWSER EXTENSIONS: These are ways by which a hacker launches a browser extension on web browsers. When you install such an extension in your web browser and provide your secret details to such an account, your information is collected by the hacker and your savings are exposed. The targeted wallets for these operations are the Ledger wallet, Trezor wallet, Jaxx wallet, Electrum wallet, MyEtherWallet, Exodus wallet and KeepKey wallet.

The hacking method applied by these extensions is PHISHING. The aim is to get your secret keys, mnemonic phrases, private keys and keystore files. Once you download this fake extension and enter your details, it sends an HTTP POST request to its backend, i.e. it sends your information to the designers of such malicious apps.

MODE OF INSTALLATION: Most apps appear in our Google search, for most of us that use the Google search engine. The picture below is a perfect example.

https://imgur.com/a/WoHyPJX

Let's make it clear, guys. One thing is certain. Whatever browser you are using to access the internet, all of them are in business and are making money. These hackers can spend huge money on marketing their fake products. They pay marketing companies huge money to market their brands. They also have a huge number of people that post positive feedback from using these apps. The Google platform is also an open source and also everyone to taste and upload whatever content he/she has, making it an easy target for users that fail to verify apps properly before using them.

As of today, the number of fake cryptocurrency extensions hitting our browsers is gradually increasing. Reports have it that there is a 63% increase in fake browser extensions this APRIL 2020. We might see more. Ledger wallet remains the most hit.

SAFETY

To stay safe, there are ways by which we can avoid these extensions.
1; Make sure you install trusted extensions from wallet providers by visiting their website or social media platform to get directions on what to install and how to install it. AVOID THE "I think I know everything" attitude to avoid losing your funds.

2; Know the permissions that have been assigned to the extensions in your browser. Most of us use the Chrome browser. Better check the Chrome extensions link chrome://extensions/ and click the details tab to get a better understanding of the permissions given to the installed extension. If you do not feel safe, consider removing the extension.

3; You can set up a separate browser for your crypto dealings to limit any kind of attack on your accounts.

ANOTHER IMPORTANT means of reducing such installations is by making sure your Google search doesn't allow FAKE ADS, just like the picture below.
https://imgur.com/a/WoHyPJX

If your Google search results show ads, kindly reset your browser to its default (Chrome, Explorer, Opera) to remove malicious adware in your browser or computer. Most ads appear as a result of adware hiding in our systems.
THIS IS VERY IMPORTANT.

Chrome users can follow this link to resolve issues regarding ads and fake adverts appearing in your Google search.
https://support.google.com/chrome/answer/2765944?visit_id=637225009087907484-1666743145&rd=1

Thanks.
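
Point 2 of the post above (reviewing the permissions an installed extension holds) and the earlier remark about honest extensions turning malicious through an update can both be checked from an extension's manifest.json. The following is an added example, not part of any post in this thread; the sample manifests, the selection of flagged permissions and the function names are constructed for illustration.

```python
# Chrome manifest permission names; which ones to flag is this example's choice.
SENSITIVE_APIS = {
    "tabs": "can read the URL and title of every tab",
    "webRequest": "can observe network requests",
    "cookies": "can read and modify cookies",
    "clipboardRead": "can read the clipboard",
    "history": "can read browsing history",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
GRANT_KEYS = ("permissions", "optional_permissions",
              "host_permissions", "optional_host_permissions")


def requested_grants(manifest):
    """Return (api_permissions, host_patterns) for an MV2 or MV3 manifest."""
    apis, hosts = set(), set()
    for key in GRANT_KEYS:
        for entry in manifest.get(key, []):
            if isinstance(entry, str):
                # MV2 mixes host patterns into "permissions".
                is_host = "://" in entry or entry == "<all_urls>"
                (hosts if is_host else apis).add(entry)
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    return apis, hosts


def audit_manifest(manifest):
    """List the sensitive APIs and all-site host patterns a manifest requests."""
    apis, hosts = requested_grants(manifest)
    findings = [f"{p}: {SENSITIVE_APIS[p]}" for p in sorted(apis & set(SENSITIVE_APIS))]
    findings += [f"{h}: can run on or read every site" for h in sorted(hosts & BROAD_HOSTS)]
    return findings


def added_by_update(old, new):
    """Grants present in the new manifest version but not in the old one."""
    old_apis, old_hosts = requested_grants(old)
    new_apis, new_hosts = requested_grants(new)
    return sorted((new_apis - old_apis) | (new_hosts - old_hosts))


# Constructed manifests: two versions of a hypothetical wallet helper.
OLD = {"manifest_version": 3, "version": "1.0", "permissions": ["storage"],
       "host_permissions": ["https://wallet.example/*"]}
NEW = {"manifest_version": 3, "version": "1.1",
       "permissions": ["storage", "tabs", "clipboardRead"],
       "host_permissions": ["<all_urls>"]}

if __name__ == "__main__":
    print("\n".join(audit_manifest(NEW)), added_by_update(OLD, NEW), sep="\n")
```

An empty result does not mean an extension is safe: a fake wallet that only asks you to type in a seed phrase may request very few permissions.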