Extensions That Google No Longer Needs

Colin Baseman

Reports say that Google has finally removed 49 extensions from Chrome's store. The reason for the decision was that the extensions steal crypto data. All of the extensions bothered Chrome users who spotted their activity.

Harry Denley, who is responsible for security at MyCrypto, explained how he finally got the extensions removed from the browser's store. It took him less than a day once he contacted PhishFort, the firm that assisted him. The company specializes in removing phishing extensions.

The phishing extensions that Google got rid of targeted users of certain hardware and software wallets. Most of them targeted wallets made by Ledger, but wallets by KeepKey and Trezor were also of great interest. Many people using Electrum, Exodus, MetaMask, MyEtherWallet, and Jaxx also suffered from the extensions' activity.

The extensions served as a tool to make wallet owners enter the credentials required to access the wallet. Those included private keys as well as mnemonic phrases, and sometimes keystore files, all of which the hackers then received. With these, the criminals had all they needed to steal the funds and rob people's wallets. Extensions that hackers use may look quite respectable and trustworthy, which is how most users come to trust them, get hooked, and then lose their assets.

Some of the extensions had excellent ratings and many boasted five stars, although the ratings displayed in the Chrome store were fake. The reviews themselves, on the other hand, showed quite the opposite: there were hardly any informative details or descriptions. The products were neither legit nor helpful. One of them used the same review many times, yet the authors were different. The hacker placed a brief intro to BTC and described why the extension was the best alternative ever. The problem was that the thief did not realize that the extension never supported Bitcoin.

Most Extensions Belonged to One Hacker

The investigation uncovered several servers that most of the extensions ran on. However, the fingerprints proved to belong to one person. It is now clear that the oldest domain was linked to several other control servers. Denley is sure that the majority of the extensions were controlled and supervised by the same criminal.

Phishing campaigns used rather old, but their registration date was in 2020. The extensions were published on the browser's store in March and April.

Old Tricks Still in Use

History repeats itself, and this story has happened many times before. The community has faced plenty of cases where malicious extensions steal crypto from people. Many crypto wallet owners easily become hackers' victims. The people who get into trouble are of different ages and levels of education. It is especially important for beginners and new users to be cautious and attentive while using various extensions and to refrain from entering personal data if they do not know what kind of source the request comes from.

This sort of crime is a common practice on the net. Users report that official extensions can sometimes contain malware. It is possible to restore extensions, but the community has to contact the browser and ask for help as soon as possible. Solving the issue may take mere minutes and is not that complicated. There are special programs and specialists who can assist. The main point is to identify the criminals who are trying to steal users' funds and prevent them from further activity on the Internet.