Lately, many developers have built browser extensions to help people with their activities on the internet, including crypto enthusiasts. I've seen many extensions for accessing a crypto wallet, both as trackers only and for making transactions directly without the need to open the main application/website. Of course, many people prefer installing a browser extension over using the main application or visiting the main website, for reasons of efficiency. Browser extensions are "all in one" or "go somewhere else without leaving the current place".
But behind the convenience and comfort on offer, some bad people intend to steal something valuable from you, and it will happen if you're too late to realize it. They build attractive extensions and secretly plant dangerous scripts in them to carry out activities beyond your control, even in extensions that actually don't have any function related to crypto activities.
An example of a recent case (looking at the total assets, it looks like the victim is no longer a beginner):
I subscribe to some daily news to get the latest crypto price information. One news item caught my attention:
Recently someone claimed to have lost 600 ZEC/Zcash (or around $16k) from their hard wallet. That was caused by a scam extension, "Ledger Secure", which he/she installed on Chrome. The support team confirms that "This is NOT a legitimate Ledger application" and asks people to report this dangerous extension.
Read the full news here ...
https://micky.com.au/malware-chrome-extension-steals-16000-from-ledger-wallet-user/
I just want to warn everyone, especially crypto beginners, to ensure the legitimacy of the extensions you install in your browser now and in the future. Here are some additional tips from me, in addition to what has been given in this news:
An expensive lesson learned
This incident serves to remind us to pay close attention to what we download and which websites we access.
To help ensure that the app or extension you are installing is legitimate, it is a good idea to download it directly from the provider whenever possible.
If you see an app in a repository that isn’t on the provider’s website, don’t be shy about contacting them to ask if it is a legitimate app.
And if you’re using the same device to manage your crypto assets that you use for general online use, be extra diligent.
Even better, have a separate machine – or at least a Virtual Machine – that is reserved solely for your crypto activities.
- Don't easily believe the ratings and reviews on the Google Webstore or other extension stores, even more so if there are only a few.
Take the biggest extension store, the Google Webstore: although it has improved its policy several times to suppress suspicious extensions, looking at cases like the one above it seems that 50% of the policy depends on the users' decisions, where a dangerous extension will be deleted if it gets a certain number of reports.
- Ask people you trust, developer groups, and discussion forums for opinions and suggestions about a new extension you want to install if you have doubts or the extension isn't known to many people, even though it was legitimately issued by the service provider.
- Report immediately if you or someone else finds it.
- Suggestions from o_e_l_e_o