x
Black Bar Banner 1
x

Watch this space. The new Chief Engineer is getting up to speed

  • Sign Up
  • Log In
  • Calendar

A malicious Google Chrome extension cost one user $16,000

Posted by Simon Keighley on January 03, 2020 - 6:29am Edited 1/3 at 6:31am
Tip

A malicious Google Chrome extension cost one user $16,000

A malicious Google Chrome extension cost one user $16,000

By Robert Stevens

This is Google’s third crypto-related bungle this week.  When will it end?

A user of a malicious cryptocurrency wallet, Ledger Secure, claims to have lost $16,000 worth of the privacy coin Zcash.

Ledger Secure, an extension for Google Chrome, isn’t related to Ledger, the hardware wallet makers of a similar name. Instead, it passes a user’s seed phrase back to the creator of the extension, claimed @BTCSchellingPt.

Their suspicions were confirmed by the official support account for Ledger, which tweeted, “A Chrome extension malware has been detected called "Ledger Secure". This is NOT a legitimate Ledger application...DO NOT use it and contact us if you've installed it.”

The malware has caught one victim, who goes by “hackedzec” on Twitter. The user claims to have had 600 ZCash, the equivalent of around $16,000, stolen from them.

 

ecosystem for entrepreneurs

 

The user had only ever entered their seed phrase on their computer once, two years ago. And the user also remembered photocopying the seed phrase, using a printer that was connected to the computer through WiFi.

But then the user noticed a random file on their computer that led them to a Twitter account run by Ledger Secure, the fake Ledger app.

Hackedzec’s story surfaced just a few days after Harry Denley, the director of security at MyCrypto, discovered that “Shitcoin Wallet”, a browser-based Ethereum wallet that is listed on Google Chrome’s Web Store, was also malicious. Denley found that Shitcoin Wallet stole users private keys, as well as login information for sites such as Binance.

 

Google’s listing of the malicious applications also comes at the same time as it overturned a brief ban against MetaMask, the browser-based Ethereum wallet interface, on its Google Play Store. Google claimed in late December that MetaMask had violated its terms of service for financial apps; it linked MetaMask to mobile mining. MetaMask claimed it wasn’t a mining app, and its ban has subsequently been overturned.

Google might not have a problem with crypto industry—but, after all the bad press, the industry is definitely starting to ask questions about Google.

https://decrypt.co/15803/a-malicious-google-chrome-extension-cost-one-user-16000

 

ecosystem for entrepreneurs

 

 

© Markethive Inc.