Published on April 25th, 2014 📆 | 6625 Views ⚑


Chrome Extension Could Be Vulnerable to Cryptocurrency Malware
The malicious Chrome browser extension dubbed as ‘Cryptsy Dogecoin (DOGE) Live Ticker’ which is available on Chrome Web store for free downloads and developed by "TheTrollBox" account. Reddit user noticed that the updated version of the extension has a malicious code, which is designed to hijack the crypto currency transactions.

[adsense size='1']
It is very obvious that the kind of crypto related software extensions is downloaded only by the users who deal with the digital currency. So, once the user installed the malicious extension, the software within the extension starts monitoring users’ web activity and looks for those users who go to Cryptocurrency exchange sites such as Coinbase and MintPal.
After realizing that the user is performing a transaction in digital coins, the malicious extension replaces the receiving address, where the user is trying to transfer his Cryptocurrency, with the a different BTC address of its own (attacker's bitcoin address)
The same happened to a Reddit user, who had been reported this activity from the Cryptocurrency exchange MintPal in a withdrawal confirmation. After then he posted a Warning about the rogue extension on Reddit, advising all to “Be careful of what you install on your devices you use to access your wallets.”
TheTrollBox, the developer of malicious 'Cryptsy Dogecoin (DOGE) Live Ticker' Chrome extension has also developed 21 more similar extensions, which are currently available on Google Chrome Store. These Chrome extensions  also could be susceptible to have malicious code, and Google has not taken any action against the reported chrome extensions.

If you have installed any of the followings extensions, then you should remove them as soon as possible:

  1. Cryptsy MOON
  4. Cryptsy DOGE
  5. Cryptsy LOT
  6. Coinbase BTC
  7. MTGox BTC
  8. BTC-E BTC
  9. BTC-E LTC
  10. BTC-E PPC
  11. BTC-E NVC
  12. BTC-E NMC
  13. BTC-E FTC
  14. BTC-E XPM
  15. Bitstamp BTC
  16. BTCChina BTC
  17. OKCoin BTC
  18. OKCoin LTC
  21. BitcoinAverage BTC
As the business has moved to greater use of mobile and non-Windows computers, so cyber criminals have adapted techniques monetize their efforts. Due to an increase in the value of digital coins, cyber criminals has added it in their watchlist and making every effort to steal your virtual money.
[adsense size='1']
We have seen Android malware distributed by cyber criminals on Google play store that have hidden Coinkrypt malware, which had capability to turn your mobile device into crypto-currency miners, also cybercriminals spreading malware through Home appliances in order to mine virtual currencies, and now they are started editing software extensions with malicious codes to grab users digital coins.


Tagged with:

Comments are closed.