Topic: Help to report scam extensions on Cromestore that steal your wallets (Read 301 times)

This is a valid concern with ad blockers and that they can be a target for hackers to inject a malware or switch into resources hungry miner. If you plan on using an ad blocker, it's well worth doing a bit of background research on browser extensions before installing them to be sure they have known authors and are recommended by reputable sources.

AdBlockers are the most downloaded and used add-ons on google. There is a big incentive to hack established and well-known adblocker or even to develop a new one with viruses. Until today there were already few malicious adblockers on Google downloaded more as 20 million times. This is an army of bots.

Five most known malicious adblocker add-ons  already removed by Google:
- AdRemover for Google Chrome™ (10 million+ users)
- uBlock Plus (8 million+ users)
- [Fake] Adblock Pro (2 million+ users)
- HD for YouTube™ (400,000+ users)
- Webutation (30,000+ users)



Source:
https://www.techradar.com/news/google-has-kicked-five-malicious-ad-blockers-off-the-chrome-store
https://thehackernews.com/2018/04/adblocker-chrome-extention.html

A cybersecurity firm called Trend Micro issued a statement warning users of new malware that targets crypto wallets, stealing login data and hijacking transactions in the process.

In the past, the malware, FacexWorm, was shared via Facebook links, and once a user opens an infected link all their data is stolen, and their PCs processing power is drained to fuel cryptocurrency mining of which user is not aware of.

But currently, the malware is in the form of a Google Chrome extension. Stealing users’ Google, MyMonero, and Coinhive data is the primary goal of FacexWorm. Plus, it can send carry out unauthorized transactions and issue payments to the attacker’s wallet. Finally, FacexWorm is capable of stealing funds on various cryptocurrency exchanges. The cybersecurity company highlighted Poloniex, HitBTC, Bitfinex, Ethfinex, and Binance.

Bypassing Google Application Validation Tools
The campaign operators created copies of legitimate extensions and inject a short, obfuscated malicious script to start the malware operation.
Radware believes that this is done to bypass Google’s extension validation checks. To date, Radware’s research group has observed seven of these malicious extensions, of which it appears four have been identified and blocked by Google’s security algorithms. Nigelify and PwnerLike remain active.

Known Extensions




source:
https://bitcoinplay.net/crypto-users-beware-chrome-extension-targets-your-wallets/
https://www.express.co.uk/life-style/science-technology/956249/Google-Chrome-update-extensions-web-store-security-Facebook-Messenger-YouTube-scam
https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/

Found this chrome extension.
  Google Authenticator  .
Dont use this chrome extension
srujan reddy added this extension on the crome store and not google!

https://chrome.google.com/webstore/detail/google-authenticator/njkhnbmlaefgkjpaghgphiceaocdblgl?hl=nl


If you click on all reactions you can see some crypto people also using this extension.

I do not recommend using this

etheradreslookup is only a good extension  i know for now.

this extension protect you for scam ether adresses and website links
metamask is not good anymore. Tracking all your internet traffic

The only chrome extension that is worth installing (regarding crypto trading) is metamask. All others need to be done with extra care, and only install if really needed. I run ad blocker, hopefully they won't get hacked and turn into a malware miner

To feel safe when dealing with cryptocurrency it is better to use no extensions at all. Just a pure browser that runs in the sandbox. IMHO. I prefer Firefox confined into sandbox of Comodo.

Yes, the scammers are also in the chrome store.
If you install one you have to look carefully at the written reviews. Google sets the language that you use by default. If no review has been written in your language, you will see gene reviews.
 
You must manualy sellect all reviews languages.

Then you definitely get a complete list of reviews.

These are damn annoying, I've seen apps on the android playstore, I generally stay away from them. But Chrome extensions now?

Real nice work, post any bad apps here and we'll all help get them down.

I have updated the links. now should works fine.

Unfortunately they have not been removed yet. I had forgotten and part in the links.

If we misuse all those scam extensions in the chrome store with the information that they steal all your credit from your account, then I think they will disappear soon.

Nice initiative oapieNL! I'd merit you if I had the Smerit.

I'd personally not trust any google extensions, with the exception of LastPass Password Manager[1]. The google chrome store is very different to what some people may compare it to, which are the app and google play stores. It is much easier to get an app listed on the web store and a lot of users are making fake trading bots, some fake steam helpers. [2] The only trading bot I'd trust would be Gunbot.

Nice catch.

As npredtorch said, probably removed. Google is usually fast with this and I've seen shady/scam apps removed from the google play store in a matter of hours.

[1] Great app, recommended. Personally, use the premium version.
[2] These are extensions that instead of helping you check items and trade easier, they'll hack your account and either trade your items away or spam your friends profile with malware.

~Zapo

Looks like it already had been removed.
Personally, I never used any 3rd party & unfamiliar extensions related to crypto.(only pinterest, pdf and some full screenshot ext.)
Also, I always have a mindset that if I install something, my saved password along with history would be scanned by such extensions.

I can't find either of the two.

This chrome extension steal also your complete wallet on yobit.
yobit trading bot
Link
https://chrome.google.com/webstore/detail/yobit-trading-bot/cgmikolceifcfpcaomgpobonjipcecoc/

i automatically wouldn't trust any chrome extension. even more so with anything crypto related. people would be better off forgetting the idea completely and never adding anything. if you need the info and services they provide there's almost always a more secure way of doing it.  

and don't forget chrome apps. the ledger wallet has had fake ledger management apps show up.

kudos for reporting them all the same. keep it up.

There are many spam tools for trading. Especially an extension that steals all coins from your wallet.
Only together can we already remove part of the cromestore later by reporting them and giving a bad review.

Hopefully we can collect a whole list and report jointly about this so that they disappear from the cromestore. I always look when someone has reacted. but that's what he did, I saw. but I found out later when I clicked several languages ​​unfortunately there were bad reviews.

Here the first extension that steals all your coins from your wallet at once on yobit.
This extension is called Yobit neural bot

http://chrome.google.com/webstore/detail/yobit-neural-bot/fommbgdllfjnhlhiiochcogjjocbdeco

Give it a review in your own language and also report abuse so that it disappears from the google crome store.

Hopefully according to more that we can make disappear