Chrome Extension Caught Stealing Crypto-Wallet Private Keys (Jan 1, 2020)

A Chrome extension named “Shitcoin Wallet” has been caught stealing passwords and private keys from cryptocurrency wallets. The recently launched extension claims to let users manage Ether and Ethereum coins; however, it contains malicious code. When users visit cryptocurrency management platforms, the extension injects JavaScript that steals login credentials and private keys and sends the stolen information to a third-party website. It is not known whether the malicious code was implanted by the Shitcoin Team or whether they have been compromised by a third party; however, the extension is still available for download from the Google Chrome Web Store.

Recommendation: Users should be cautious when downloading applications because, as this story shows, malicious applications sometimes make it into official stores. Users should therefore carefully review the permissions an application requests prior to installation.
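One way to make that permission review concrete for a browser extension is to read its `manifest.json` and list which sites it can read or inject scripts into. The following is an added example, not code from the extension in this story or from the original report; the function names are hypothetical, and the manifest and hostnames are constructed.

```javascript
// Added example: list which hosts an extension manifest lets it read or inject into.
// Simplification (assumption): only the host part of each match pattern is compared.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Host part of a match pattern such as "https://*.example.com/*", or null.
function patternHost(pattern) {
  const m = /^(?:\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  return m ? m[1] : null;
}

// True if the pattern covers `host` ("*" = any host, "*.x" = x and its subdomains).
function hostCovers(pattern, host) {
  if (BROAD.has(pattern)) return true;
  const ph = patternHost(pattern);
  if (ph === null) return false;
  if (ph === "*") return true;
  if (ph.startsWith("*.")) return host === ph.slice(2) || host.endsWith(ph.slice(1));
  return ph === host;
}

// Gather host patterns from every manifest key that grants page access.
function collectPatterns(manifest) {
  const out = [];
  const add = (source, list) => (list || []).forEach((pattern) => {
    if (BROAD.has(pattern) || patternHost(pattern) !== null) out.push({ source, pattern });
  });
  add("permissions", manifest.permissions); // MV2 mixes API names and host patterns
  add("host_permissions", manifest.host_permissions); // MV3
  add("optional_permissions", manifest.optional_permissions);
  (manifest.content_scripts || []).forEach((cs) => add("content_scripts", cs.matches));
  return out;
}

// Report any-site grants and which of the user's sensitive hosts are reachable.
function auditManifest(manifest, sensitiveHosts) {
  const patterns = collectPatterns(manifest);
  const broad = patterns.filter((p) => BROAD.has(p.pattern) || patternHost(p.pattern) === "*");
  const findings = sensitiveHosts.flatMap((host) =>
    patterns.filter((p) => hostCovers(p.pattern, host)).map((p) => ({ host, ...p })));
  return { broad, findings };
}

// Constructed manifest and hostnames, for illustration only.
const sampleManifest = {
  manifest_version: 2,
  name: "Constructed Wallet Helper",
  permissions: ["storage", "tabs", "https://*.wallet.example/*"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
};
const sampleReport = auditManifest(sampleManifest, ["app.wallet.example", "exchange.example"]);
console.log(JSON.stringify(sampleReport, null, 2));
```

An entry under `broad` means the extension can run on every site the user visits, including wallet and exchange pages, which is far more access than a single-purpose wallet tool needs.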

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.