Topic: {Warning}: Chrome extension caught stealing crypto-wallet private keys

staff
Activity: 3248
Merit: 4110
Quote
Of course using Qubes and other virtualization tools is great advice, but the reality is that most people won't do this, it's simply too much effort for them. It would be hard (impossible?) to configure dual-booting Windows and Qubes, you'd have to restart your machine to switch operating systems, there could be driver problems and so on. People often tell others to switch to Linux because it's more secure, but it's not feasible for most users who got used to doing everything on Windows or Mac.

Dual booting anything with Qubes OS would be a security flaw in its own right, and I'd advise anyone against that. However, Qubes OS does ship with something called "Windows Tools", which contains drivers capable of making Windows integrate with AppVMs inside of Qubes OS. Depending on your needs for a Windows-based operating system, this could benefit those that don't want to fully convert.


There's more information on the Windows Tools here: https://www.qubes-os.org/doc/windows-tools/, and there's also more information about the harm of dual booting with a system like Qubes OS here: https://www.qubes-os.org/doc/multiboot/. Many of the principles stand for most operating systems when it comes to dual booting.

It's true that most users will avoid the complex nature of Qubes OS, but my post was aimed at the more security conscious rather than the general consumer. I'm not sure about you, but I regularly reinstall my operating systems and play about with them. That's a day well spent for me.
legendary
Activity: 2954
Merit: 2145
Quote
You're right about this being a browser extension thread; however, preventing XSS and XSRF attacks is a good starting point, wouldn't you prefer to completely secure the system? A malicious browser usually only attacks the core of the browser, but can potentially affect the computer on an operating system level if you aren't correctly configured. An example of this would be when an extension allows content from a certain web page to download to your machine without prompting. This could be malicious software which could get executed in the future. The possibilities are slim; however, from a security and privacy point of view, and not a general consumer point of view, I would prefer to advocate securing it via isolation at an operating system level, or at the very least contained within a level 2 virtual machine (such as VirtualBox and VMware), as using different web browsers on a level 2 virtual machine would provide better security than just using a different container, because a lot of malware will not be targeting this sort of setup.


Of course using Qubes and other virtualization tools is great advice, but the reality is that most people won't do this, it's simply too much effort for them. It would be hard (impossible?) to configure dual-booting Windows and Qubes, you'd have to restart your machine to switch operating systems, there could be driver problems and so on. People often tell others to switch to Linux because it's more secure, but it's not feasible for most users who got used to doing everything on Windows or Mac.
staff
Activity: 3248
Merit: 4110
Quote
Well, I wasn't talking about preventing all possible attacks; this is a thread about a malicious browser extension, so I had browser security in mind when I was making my previous post. Firefox containers share extensions, so they're only useful against XSS and XSRF attacks. I was talking about changing browser profiles (about:profiles in FF) - this is nearly as good as launching a separate browser, though it's not very convenient to use. And using different browsers would obviously protect you against malicious extensions (in the sense that they won't steal anything critical), unless there's some horrible vulnerability that lets malicious extensions escape the sandbox and execute arbitrary code on a system level.

You're right about this being a browser extension thread; however, preventing XSS and XSRF attacks is a good starting point, wouldn't you prefer to completely secure the system? A malicious browser usually only attacks the core of the browser, but can potentially affect the computer on an operating system level if you aren't correctly configured. An example of this would be when an extension allows content from a certain web page to download to your machine without prompting. This could be malicious software which could get executed in the future. The possibilities are slim; however, from a security and privacy point of view, and not a general consumer point of view, I would prefer to advocate securing it via isolation at an operating system level, or at the very least contained within a level 2 virtual machine (such as VirtualBox and VMware), as using different web browsers on a level 2 virtual machine would provide better security than just using a different container, because a lot of malware will not be targeting this sort of setup.


Quote
Since when are people educated about privacy or these things in general? You don't get taught in schools that there are these corporations out there which track your every click online, so use VPNs and different aliases to lessen this privacy invasion which surrounds you 24/7... It's not their fault TBH. There isn't a system in place which educates people about their privacy, and most of the current economic system thrives off this "tracking", so there is no benefit for "them" to educate the masses about these issues...

School doesn't even teach you to think for yourself. Just to think like everyone else to get the job done. However, it does normally get a little bit better at a university level. My university gave examples of Google owning a lot of data on users of the internet due to them owning multiple companies that everyone has probably used at some point. They don't necessarily say this is a bad thing, but they do bring in the moral debate about it.
legendary
Activity: 1512
Merit: 1218
Change is in your hands
Quote from: o_e_l_e_o
If someone emailed you a bunch of code and said "Run this on your system", would you do it? Of course not (at least, I sincerely hope not). If someone approached you in the street and said "Let me borrow your laptop/phone so I can install some programs on it", would you hand it over?

Well, 33% of American adults[1] will still fall for a phishing scam, so yeah, you will find plenty of people on the web who would gladly do that...

Quote from: o_e_l_e_o
Why then do people just download and install completely unknown software, apps, add ons, etc. from complete strangers with zero due diligence? It is absolutely mind boggling people are this careless, especially when it comes to money.

Since when are people educated about privacy or these things in general? You don't get taught in schools that there are these corporations out there which track your every click online, so use VPNs and different aliases to lessen this privacy invasion which surrounds you 24/7... It's not their fault TBH. There isn't a system in place which educates people about their privacy, and most of the current economic system thrives off this "tracking", so there is no benefit for "them" to educate the masses about these issues...


Source:
[1] https://www.pewresearch.org/internet/2019/10/09/americans-and-digital-knowledge/
legendary
Activity: 2954
Merit: 2145
Quote
You're referring to containers, which do provide a way of dissociating browser data by placing it in containers. However, it does not protect you from all kinds of attacks. A website could theoretically target users with containers and find the linked data. Another misconception is that browser containers prevent malicious software from spreading, but this is also not true. Using separate browsers does the same as containers, but also prevents, to a certain extent, websites linking your agents together. This isn't the best option either, though. You can spoof user agents, use scriptless browsers, and block trackers, but you have to do this in such a way that no third parties are involved. As soon as you involve a third party such as a closed-source extension, you are at risk of giving your data to the extension owners.


Well, I wasn't talking about preventing all possible attacks; this is a thread about a malicious browser extension, so I had browser security in mind when I was making my previous post. Firefox containers share extensions, so they're only useful against XSS and XSRF attacks. I was talking about changing browser profiles (about:profiles in FF) - this is nearly as good as launching a separate browser, though it's not very convenient to use. And using different browsers would obviously protect you against malicious extensions (in the sense that they won't steal anything critical), unless there's some horrible vulnerability that lets malicious extensions escape the sandbox and execute arbitrary code on a system level.
member
Activity: 211
Merit: 55
There was an airdrop from this site that required downloading this wallet as one of its rules.

https://freecoins24.io/shitcoin-wallet-giveaway-1/

Their Telegram channel has around 1000 members right now, so I guess they already found enough victims, as airdrop hunters usually download every shitcoin wallet for a possible one dollar airdrop. From what I noticed, a few people are already aware of the threat.
I notified Telegram as well to mark their channel as a scam.
staff
Activity: 3248
Merit: 4110
Quote
People really should use more than one browser, or profiles within the same browser, so that even if something malicious sneaks into their browser, it wouldn't be able to steal cookies and logins and execute attacks against important sites. So, you could use Chrome for reading news or visiting entertainment sites, but then have Firefox for checking your main email, doing banking stuff and crypto. This doesn't mean that you can become careless when you use multiple browsers, but generally security by isolation is much stronger than relying on the user not to let malware into their system.

You're referring to containers, which do provide a way of dissociating browser data by placing it in containers. However, it does not protect you from all kinds of attacks. A website could theoretically target users with containers and find the linked data. Another misconception is that browser containers prevent malicious software from spreading, but this is also not true. Using separate browsers does the same as containers, but also prevents, to a certain extent, websites linking your agents together. This isn't the best option either, though. You can spoof user agents, use scriptless browsers, and block trackers, but you have to do this in such a way that no third parties are involved. As soon as you involve a third party such as a closed-source extension, you are at risk of giving your data to the extension owners.

Security by isolation, or compartmentalization, is only possible by utilizing virtualization technology at a BIOS level. If you are isolating via virtual machines on an "ordinary" operating system, you're not isolating effectively. Virtual machines such as VMware and VirtualBox do offer some protection, but not entirely. This is because they are not operating at a base level and don't use their own hypervisor.

I've talked about this a lot recently, but I'd recommend Qubes OS for effectively isolating your machine. There are alternatives, but my personal opinion is that Qubes OS is the most effective one out there. This truly isolates every domain from the others. The only way the whole system is compromised is if dom0 (the root of Qubes OS) is compromised, but you should not be doing anything in dom0 except for updating for critical exploits. I wouldn't even have dom0 connected to the internet, but Qubes OS allows you to create different domains (workspaces) for whatever you want. If you want your network to operate on a VM separate from the rest of your computer you can, and that is 100% recommended.

Quote
Does it have to be Chrome, or would they accept Chromium-based browsers? On the rare occasion I have a need for a Chromium-based browser, I always use Ungoogled Chromium.

They unnecessarily marked assignments to the letter. If it says Google Chrome developer console, you had better be using the Google Chrome console, otherwise you could potentially be marked down. This is likely due to it being distance learning, and you're compromising because the lecturers aren't full time; however, it was necessary for me because I couldn't justify giving up work to study, so I opted to do both with distance learning.
legendary
Activity: 2954
Merit: 2145
People really should use more than one browser, or profiles within the same browser, so that even if something malicious sneaks into their browser, it wouldn't be able to steal cookies and logins and execute attacks against important sites. So, you could use Chrome for reading news or visiting entertainment sites, but then have Firefox for checking your main email, doing banking stuff and crypto. This doesn't mean that you can become careless when you use multiple browsers, but generally security by isolation is much stronger than relying on the user not to let malware into their system.
staff
Activity: 3248
Merit: 4110
Quote
Well, from the general consumer's standpoint, being one of the top companies and being reputable is already enough to let their guard down when it comes to safety and security. They become careless: if extensions are available for Chrome in their store, they are already deemed safe and secure, and the same thing can be said of their Play Store. Even if their users are complaining, Google has no reply, and I don't see any kind of damage control aside from removing that extension or app; they don't add an extra step to prevent it from happening in the future.

Google isn't that reputable from a privacy point of view. They are constantly logging your data, and using that data. The fact that they track your physical location by default if you own a Google account is worrying enough. The fact that they have a monopoly on searches means they are a centralized figure that has access to millions of users' search data. Depending on the country you live in, Google are lawfully required to hand over this data if requested. Privacy International has a few examples of "abuse" that Google has been linked with: https://privacyinternational.org/examples/google

Although the reputation of Google among general consumers, like you said, is probably considered good, anyone who cares a little about privacy should probably prefer using something else like DuckDuckGo.


I will defend them a little on the extension store, though. Although it would be preferable to review every piece of code submitted to their extension store, they have far too many submissions to make that happen, and unfortunately, being the corporate company they are, they aren't just going to put this into place.
hero member
Activity: 1806
Merit: 671
Quote
Yeah, sure, Google has the biggest cause for letting these types of extensions and apps be made available in Chrome and the Play Store
People place far too much trust in Google.

Well, from the general consumer's standpoint, being one of the top companies and being reputable is already enough to let their guard down when it comes to safety and security. They become careless: if extensions are available for Chrome in their store, they are already deemed safe and secure, and the same thing can be said of their Play Store. Even if their users are complaining, Google has no reply, and I don't see any kind of damage control aside from removing that extension or app; they don't add an extra step to prevent it from happening in the future.
legendary
Activity: 2268
Merit: 18509
Quote
The annoying part of some of my courses was that they required screenshots of the developer console in Chrome, and wouldn't accept the equivalent in Firefox or other alternative browsers.

Does it have to be Chrome, or would they accept Chromium-based browsers? On the rare occasion I have a need for a Chromium-based browser, I always use Ungoogled Chromium.
staff
Activity: 3248
Merit: 4110
Don't install extensions that aren't open source and that you haven't either reviewed yourself or had someone you trust review for you. Ideally, you'd review it yourself, and only use someone else if you haven't got the technical skills. Even then, I probably wouldn't take the advice from someone else, and would just opt not to install the extension.

Quote
People place far too much trust in Google.

The annoying part of some of my courses was that they required screenshots of the developer console in Chrome, and wouldn't accept the equivalent in Firefox or other alternative browsers. It was incredibly annoying. Google has a massive monopoly which people don't seem to mind at all.

legendary
Activity: 2268
Merit: 18509
Quote
Yeah, sure, Google has the biggest cause for letting these types of extensions and apps be made available in Chrome and the Play Store
People place far too much trust in Google.

Google don't have dedicated employees who sit and examine the code of every single update to every single app, add on, and extension they host. They do the most basic checks, if any, to test whether applications are legit or malicious. We constantly see new applications which are outright malware, which are designed to mimic genuine ones, and which do all manner of things, appearing on the Play Store and in the Chrome extension library.

Google don't care about your safety or security. They care about mining and selling your data. That's where their profits come from. They are not your friend. Stop trusting them. If you are going to install some new application, the onus is on you to make sure it is safe.
hero member
Activity: 1806
Merit: 671
Quote
If someone emailed you a bunch of code and said "Run this on your system", would you do it? Of course not (at least, I sincerely hope not). If someone approached you in the street and said "Let me borrow your laptop/phone so I can install some programs on it", would you hand it over?

That's the problem: if they emailed this to millions, at least a few thousand will follow or be fooled by this type of email, and there is really no one to blame but them. Yeah, sure, Google has the biggest cause for letting these types of extensions and apps be made available in Chrome and the Play Store, but as a user you must practice precaution when it comes to things you are seeing on the web, because you really are literally the last line of defense for your system, whether it gets infiltrated or not.
legendary
Activity: 2268
Merit: 18509
If someone emailed you a bunch of code and said "Run this on your system", would you do it? Of course not (at least, I sincerely hope not). If someone approached you in the street and said "Let me borrow your laptop/phone so I can install some programs on it", would you hand it over?

Why then do people just download and install completely unknown software, apps, add ons, etc. from complete strangers with zero due diligence? It is absolutely mind boggling people are this careless, especially when it comes to money.

And stop using Chrome. It is spyware.
sr. member
Activity: 882
Merit: 301
Not good news to start the year.

What a name for a wallet, and this bust tells us that it is indeed a shitcoin wallet.

Here is another important thing to note in the article:
Quote
Scans with VirusTotal, a website that aggregates the virus scanning engines of several antivirus software makers, show both files as clean.

I understand that scanning with VirusTotal is a good step to detect malware, but when you see new wallets like this come out of nowhere, it is better to just wait for credible reviews before trying it out.

legendary
Activity: 2576
Merit: 1655
Chrome extension caught stealing crypto-wallet private keys

Quote
A Google Chrome extension was caught injecting JavaScript code on web pages to steal passwords and private keys from cryptocurrency wallets and cryptocurrency portals.

https://www.zdnet.com/article/chrome-extension-caught-stealing-crypto-wallet-private-keys/

Code:
Phishing Link: https://shitcoinwallet.co/

It was discovered by Harry Denley, Director of Security at the MyCrypto platform.

https://twitter.com/sniko_/status/1211841389299982336

Quote
  • Users install the Chrome extension
  • Chrome extension requests permission to inject JavaScript (JS) code on 77 websites
  • This JS file contains obfuscated code
  • The code activates on five websites: MyEtherWallet.com, Idex.Market, Binance.org, NeoTracker.io, and Switcheo.exchange
  • Once activated, the malicious JS code records the user's login credentials, searches for private keys stored inside the dashboards of the five services, and, finally, sends the data to erc20wallet[.]tk

It's just the beginning of the year, so I do hope that no one will fall victim to these cyber criminals.
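As an added example, not code from the thread or the ZDNet article: a small Node.js script that audits an extension's manifest before installation, flagging the pattern the article lists (a content script requesting injection into dozens of hosts, among them the five wallet and exchange sites named above). The sample manifest, the placeholder hosts and the 20-host threshold are constructed for illustration.

```javascript
// Added example: pre-install audit of a Chrome extension manifest. Not code from the
// thread or the article; the sample manifest and the 20-host threshold are constructed.
const SENSITIVE_HOSTS = [
  "myetherwallet.com", "idex.market", "binance.org", "neotracker.io", "switcheo.exchange",
];
const MANY_HOSTS = 20; // constructed threshold; tune to the extension's stated purpose

// Return the host part of a Chrome match pattern ("*://*.example.com/*" -> "*.example.com"),
// "*" for patterns that cover every site, or null for a value that is not a match pattern.
function matchPatternHost(pattern) {
  if (pattern === "<all_urls>") return "*";
  const m = /^(\*|https?|file|ftp):\/\/([^/]+)\//.exec(pattern);
  return m ? m[2].toLowerCase() : null;
}

// Does a pattern host ("*", "*.example.com" or "example.com") cover the given domain?
function hostCovers(patternHost, domain) {
  if (patternHost === "*") return true;
  if (patternHost.startsWith("*.")) {
    const suffix = patternHost.slice(2);
    return domain === suffix || domain.endsWith("." + suffix);
  }
  return patternHost === domain;
}

// Collect every host the extension can inject into or read, then apply the checks.
function auditManifest(manifest) {
  const findings = [];
  const hosts = new Set();
  for (const cs of manifest.content_scripts || []) {
    for (const p of cs.matches || []) {
      const h = matchPatternHost(p);
      if (h === null) findings.push(`malformed match pattern: ${p}`);
      else hosts.add(h);
    }
  }
  // MV2 puts host patterns in "permissions"; MV3 uses "host_permissions".
  for (const p of [...(manifest.permissions || []), ...(manifest.host_permissions || [])]) {
    const h = matchPatternHost(p);
    if (h !== null) hosts.add(h);
  }
  if (hosts.has("*")) findings.push("scripts can run on every URL (<all_urls> or *://*/*)");
  if (hosts.size > MANY_HOSTS) findings.push(`injection requested on ${hosts.size} distinct hosts`);
  const hits = SENSITIVE_HOSTS.filter((d) => [...hosts].some((h) => hostCovers(h, d)));
  if (hits.length) findings.push(`injects into wallet/exchange sites: ${hits.join(", ")}`);
  return { hostCount: hosts.size, sensitiveHits: hits, findings };
}

// Constructed manifest mimicking the shape described in the article: 77 hosts in total,
// five of which are the wallet/exchange sites the code actually targeted.
const SAMPLE_MANIFEST = {
  manifest_version: 2,
  name: "Example Wallet Helper (constructed)",
  permissions: ["storage", "tabs"],
  content_scripts: [{
    js: ["content.js"],
    matches: [
      "*://*.myetherwallet.com/*", "*://idex.market/*", "*://binance.org/*",
      "*://neotracker.io/*", "*://switcheo.exchange/*",
      ...Array.from({ length: 72 }, (_, i) => `*://site${i}.example/*`),
    ],
  }],
};
console.log(JSON.stringify(auditManifest(SAMPLE_MANIFEST), null, 2));
```

Run it against the unpacked extension's real manifest.json (JSON.parse of the file) to get the same report; a long host list that the extension's description does not justify is the signal to stop and read the content script before installing.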