Malicious Chrome Extensions Drain $800,000 from Cryptocurrency Investor
Two malicious Google Chrome browser extensions allegedly drained $800,000 from a cryptocurrency investor going by the moniker “Sell When Over” on X.
Keyloggers Targeting Wallet Extension Apps
In a series of posts on X, the user speculated that the malicious extensions, dubbed “Sync test BETA (colorful)” and “Simple Game,” contained keyloggers that target specific wallet extension apps.
Chrome Update Triggers Security Breach
According to the user, the issue initially surfaced after Google Chrome released an update last month. The user, who had been delaying the Chrome update, was forced to restart their computer after Windows released a PC update.
Investigation Reveals Malicious Activity
It was only during a later investigation that the user discovered the two malicious extensions on their system. Further, their browser also had Google Translate set up to auto-translate to Korean.
Lessons Learned
“This is a $800k costly mistake — lesson is if anything seems off such that it prompts you to input a seed, then wipe the whole PC first,” Sell When Over wrote.
History of Malicious Chrome Extensions
Malicious extensions on Google Chrome have been plaguing the cryptocurrency sector for years. In a 2023 report, cybersecurity researchers revealed that hackers were employing Chrome malware dubbed Rilide to steal sensitive data and cryptocurrency from unsuspecting victims.
As previously reported by Crypto.news, another piece of Windows malware was discovered in late 2022. It used Google Chrome extensions to steal cryptocurrencies and clipboard data.