Warning: Ethereum Wallet Injects Malicious Javascript To Steal Data

Warning: Ethereum Wallet Injects Malicious Javascript To Steal Data

A browser crypto wallet is injecting malicious JS to steal secrets from @myetherwallet @idexio @binance @neotrackerio @SwitcheoNetwork Extension-native wallet create also sends secrets to their backend! Bad guys: erc20wallet[.]tkExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn pic.twitter.com/TE2iw5d8Md — harrydenley.eth ◊ (@sniko_) December 31, 2019

The ‘Shitcoin Wallet’ Chrome extension (ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn) downloads a number of javascript files from a remote server. This code looks for other browser windows, open on the webpages of a number of exchanges and Ethereum network tools. It then attempts to scrape data input into these windows and send it to a remote server, erc20wallet.tk. ‘.tk’ is the top-level domain address for Tokelau, a group of South Pacific islands which is a territory of New Zealand. The code targets the websites of MyEtherWallet, IDEX, Binance, NEO Tracker, and Switcheo, specifically looking for passwords and private keys. Ethereum Shitcoin Wallet Is Pretty Nasty! According to its website, Shitcoin Wallet is available as a Chrome browser extension and a Desktop app for Windows, although goodness knows what additional mischief the app might get up to. It claims to be ‘Covered By Insurance’, although of course this is not explained or substantiated further. The website also makes a big thing about your private key only being stored on your local PC, and not needing to ‘worry about assets loss due to any hacker attack to ShitcoinWallet servers.’ Riddled with grammatical and spelling errors, it suggests that users will ‘receive many tokens everyday by our team and our partners’. This includes an alleged, ‘AIRDROP 0.05 ETH FOR FIST (sic) 500 USERS’. Finally, as a ‘Fun Fact’ it claims that ‘Shitcoin wallet is pretty good!’ Google Chrome Removes Meta Mask Last year a number of Chrome browser extensions were identified which enabled cryptojacking, or the secret mining of cryptocurrency through a users machine. Just last week, Google removed the Ethereum wallet app MetaMask from its Google Play App Store. The reason cited was that the app enabled cryptocurrency mining on mobile devices, which the developer denies. What do you make of this latest Ethereum malware? Add your thoughts below!

Images via Shutterstock, Twitter @sniko_ The post appeared first on Bitcoinist.com.


source: https://bitcoinist.com/warning-ethereum-browser-wallet-injects-malicious-javascript-to-steal-data/

TheBitcoinNews.com is here for you 24/7 to keep you informed on everything crypto. Like what we do? Tip us some BATSend Tip now!

Share your thoughts, add a comment!

You must be logged in in order to place a comment.

Article comments

No comments yet, be the first to comment this article