Google has removed 49 Chrome extensions that posed as crypto wallets but contained malicious code aimed at stealing private keys, mnemonic phrases and other data from users, ZDNet has reported, citing security researcher Harry Denley.
According to him, all these extensions were created in Russia:
"Whilst the extensions all function the same, the branding is different depending on the user they are targeting."
The extensions were distributed to users as if they were the official apps of Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus and KeepKey. They worked in a "nearly identical way to the official versions"; however, all user data was transferred to the attackers, either to separate servers or through Google Forms.
According to Denley, either the attackers are only interested in large accounts or they have not yet figured out how to automate thefts.
Due to the nature of most cryptocurrencies, victims cannot recover their funds.