Exclusive: Google removes 49 extensions from the Chrome Web Store for hijacking cryptocurrency.
Google Chrome's popularity continues to grow, with the latest figures revealing the browser now has over two billion users across the globe. With this many people accessing the web via Chrome, it has become a major target for cyber intruders. This year has already seen Chrome hit by a number of attacks, but a new threat has just been discovered which could be one of the worst yet. Chrome users are once again at risk: extensions hosted on the official Chrome Web Store were found to be stealing crypto-wallet keys.
The Context:
Google has suspended 49 Chrome extensions from the Web Store that posed as legitimate cryptocurrency wallet apps but contained malicious code that stole crypto-wallet private keys, mnemonic phrases, and other raw secrets. The 49 malicious extensions were discovered by Harry Denley, Director of Security at the MyCrypto platform. Denley says the 49 extensions appear to have been put together by the same person or group, believed to be a Russia-based threat actor.
Cryptocurrency security company Ledger has warned users about a rogue Chrome extension that dupes its victims into giving up the keys to their crypto wallets. Cryptocurrency owners need a wallet just like users of regular cash do. Instead of cash, however, crypto wallets hold digital keys – which grant users access to the blockchain addresses to unlock their funds. Some people write those addresses down on a piece of paper, while others might store them in a file on their computer or in a software application that doubles as a wallet. A hardware wallet is a device dedicated to storing the addresses, and they are built to be as difficult to hack as possible.
Denley believes that either the threat actor is interested in stealing funds from high-value accounts only, or the attacker hasn't figured out how to automate the thefts and has to access each account manually. Nonetheless, Denley says that thefts are happening. The researcher has tied some publicly reported incidents to some of the 49 extensions he has been tracking recently. Unfortunately, due to the nature of most cryptocurrencies, victims cannot recover any of the stolen funds.
Furthermore, since the threat actor behind this campaign is still active, more malicious extensions are expected to show up on the Web Store in the coming months.
Preventive Measures:
- Make sure the developer is legitimate. Extension developers should have a public profile or website somewhere that can verify their identity. There are also plenty of fake extensions masquerading as the real thing, so make sure the developer matches the software. For instance, Instagram wouldn't have been made by some random person, since it's owned by Facebook.
- Only install extensions from official web stores such as the Chrome Web Store.
- Read through all of the permissions that an extension requests carefully. If something is requesting permissions that don't sound right, then it's time to question its authenticity. For instance, suppose a sticky note extension requests permission to read and change data on the websites a person visits. Why would a simple note-taking app want access to everything a person does online? That should be a red flag. Unfortunately, extension permissions don't work the way mobile app permissions do. If someone doesn't agree with all of them and won't give the go-ahead, then they can't install the extension at all.
- Don’t install a boatload of extensions. Almost no one needs to have 20+ extensions on their browser, and it slows down the computer anyway. People should stick to the most important extensions that perform functions they can’t live without. Delete the rest.
- Regularly go through installed extensions and make sure they’re still functioning normally. If they have update logs – go through those too and be on the lookout for any suspicious language.
- Make sure to have security software installed. A good firewall can go a long way, and while it won’t protect against everything, it’s still a good failsafe to have. Install anti-virus software as well. Many malicious extensions have code that’s known to be dangerous, and a good anti-virus can pick up on that.
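
The permission review described in the list above can be partly automated. The following is an added example, not code from the article or from Google: it checks a parsed extension `manifest.json` for host patterns that mean "read and change data on all websites" and for a few API permissions. The sample manifests are constructed, and the choice of which API permissions to flag is an illustrative assumption.

```javascript
// Added example: audit extension manifests for all-site access and sensitive APIs.
// Match patterns that give an extension access to every website.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
// Illustrative (not exhaustive) API permissions worth a second look.
const SENSITIVE_APIS = new Set(["clipboardRead", "cookies", "webRequest", "history"]);

// Collect host match patterns from the MV2 and MV3 manifest layouts.
function hostPatterns(manifest) {
  const fromPerms = (manifest.permissions || []).filter(
    (p) => typeof p === "string" && (p === "<all_urls>" || p.includes("://"))
  );
  const fromHosts = manifest.host_permissions || [];
  const fromScripts = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  return [...fromPerms, ...fromHosts, ...fromScripts];
}

// Return findings for one parsed manifest; an empty array means nothing was flagged.
function auditManifest(manifest) {
  const findings = [];
  const broad = [...new Set(hostPatterns(manifest).filter((p) => BROAD_HOSTS.has(p)))];
  if (broad.length > 0) findings.push(`all-site access: ${broad.join(", ")}`);
  const apis = (manifest.permissions || []).filter((p) => SENSITIVE_APIS.has(p));
  if (apis.length > 0) findings.push(`sensitive APIs: ${apis.join(", ")}`);
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const stickyNote = {
  name: "Sticky Notes (constructed)",
  manifest_version: 3,
  permissions: ["storage", "clipboardRead"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
};
const narrowNote = {
  name: "Narrow Notes (constructed)",
  manifest_version: 3,
  permissions: ["storage"],
  host_permissions: ["https://notes.example/*"],
};
const legacyMv2 = {
  name: "Legacy MV2 (constructed)",
  manifest_version: 2,
  permissions: ["tabs", "http://*/*"],
};

for (const m of [stickyNote, narrowNote, legacyMv2]) {
  console.log(m.name, auditManifest(m));
}
```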
We are all going through a very tough time. For now, it is our primary duty to stay at home and also to be aware of cyber crimes. Keep your operating systems updated and strictly follow cyber ethics.