2. Type "ledger live"
3. The first search result is an ad, looks legit, right?
4. But when you click on it, you will be redirected to ... wait for it.
5. A fake and malicious app on their Google Chrome store.
https://chrome.google.com/webstore/detail/nanoledger/oiekmlochkbifklpcbokmbbpihdneoln
Checking a bit further (curiosity kicked in) and looking at the manifest.json, it seems to be writing to a Google Docs file here:
https://clients2.google.com/service/update2/crx
Below is the complete code.
{
  "browser_action": {
    "default_icon": {
      "256": "icons/icon-256.png"
    },
    "default_popup": "index.html",
    "default_title": "NanoLedger"
  },
  "description": "New NanoLedger, more secure, fast confirm transaction.",
  "icons": {
    "128": "icons/icon-128.png",
    "16": "icons/icon-16.png",
    "32": "icons/icon-32.png",
    "64": "icons/icon-64.png"
  },
  "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgx54FjY2SgL8lJFz8BdKMXyOUbI2vCy20X15LMjcPPQpHLDLXWx1j2kVU3NuiL6mA80IbYfZWcs2I0/c0+st30ktRbSbGtoUVenJtWbBzMxHT2vnYe8SzjGwY6nCH467QrW6Yakfb2auHWmTDu380mV2Cx8lW47K9fnGS8d4t9suXSrjZFyo4prBEO5JK7w4xDiGHMXJw4iql3DmoQcBxZGSZiS8jhy54UOjB3Tr6u1vJITSCV2CPmr7+8sHpDCffjXJ6cIiJ6N5eD/nY3mSEuwuhy78NKnTuxsBUJTRlkf6nYWntVeEgfw7PE+rN0u+ZS8pTdQLRy7PNt//5gzp5wIDAQAB",
  "manifest_version": 2,
  "name": "NanoLedger",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "version": "1.0"
}
So please kindly help me report this malicious app...
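For anyone triaging a listing like this before reporting it, here is an added example (not part of the original post and not the extension's code) that summarises where a manifest_version 2 manifest lets an extension run code, and derives an extension ID from a manifest "key" so it can be compared with the ID in the store URL. The function names are hypothetical and the key used for the ID demonstration is constructed, not the one from the manifest above.

```python
import base64
import hashlib
import re

# The Chrome Web Store's extension update endpoint.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

def extension_id_from_key(key_b64):
    # Chrome's ID: SHA-256 of the DER public key, first 16 bytes,
    # each hex digit 0-f mapped to the letters a-p.
    digest = hashlib.sha256(base64.b64decode(key_b64)).hexdigest()[:32]
    return "".join(chr(ord("a") + int(c, 16)) for c in digest)

def id_from_store_url(url):
    m = re.search(r"/([a-p]{32})(?:[/?#]|$)", url)
    return m.group(1) if m else None

def triage(manifest):
    """Summarise where a manifest_version 2 extension can run code."""
    bg = manifest.get("background", {})
    report = {
        "permissions": manifest.get("permissions", [])
                       + manifest.get("optional_permissions", []),
        "content_script_matches": [m for cs in manifest.get("content_scripts", [])
                                   for m in cs.get("matches", [])],
        "background": bg.get("scripts", []) + ([bg["page"]] if "page" in bg else []),
        "popup": manifest.get("browser_action", {}).get("default_popup"),
        "update_url_is_webstore": manifest.get("update_url") == WEBSTORE_UPDATE_URL,
    }
    # With nothing declared outside the popup, the manifest alone says little:
    # the popup page and the scripts it loads are the files to read next.
    report["popup_only"] = bool(report["popup"]) and not (
        report["permissions"] or report["content_script_matches"] or report["background"])
    return report

# Fields copied from the manifest on this page ("key" and icons left out).
PAGE_MANIFEST = {
    "browser_action": {"default_popup": "index.html", "default_title": "NanoLedger"},
    "manifest_version": 2,
    "name": "NanoLedger",
    "update_url": "https://clients2.google.com/service/update2/crx",
    "version": "1.0",
}
STORE_URL = ("https://chrome.google.com/webstore/detail/nanoledger/"
             "oiekmlochkbifklpcbokmbbpihdneoln")
# Constructed bytes standing in for a public key; paste a manifest's "key" to check a real one.
CONSTRUCTED_KEY = base64.b64encode(b"constructed key bytes, not a real key").decode()

if __name__ == "__main__":
    print(triage(PAGE_MANIFEST))
    print("ID in store URL:", id_from_store_url(STORE_URL))
    print("ID from constructed key:", extension_id_from_key(CONSTRUCTED_KEY))
```

Including the 32-letter ID from the store URL in a report identifies the exact listing, since names and icons can be reused across listings.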