Bitcoin Forum
March 01, 2021, 04:35:57 AM *
Author Topic: FAKE BROWSER EXTENSIONS TARGETING YOUR LEDGER, TREZOR, METAMASK WALLETS.  (Read 175 times)
Banadony
Member
**
Offline Offline

Activity: 154
Merit: 10


View Profile
April 14, 2020, 11:21:21 PM
Merited by vapourminer (2), Goodvalony (2)
 #1

It is important to note that hackers are trying every possible means to steal your cryptocurrencies. Apart from the regular exchanges that have been major targets for them, there are other means of getting access to your cryptocurrencies without your permission. Different attacks on crypto users keep increasing, from bi-literal trading scams to SIM hijacking, and it is not stopping.

Another means of stealing funds being perpetrated by these hackers includes creating fake browser extensions.
FAKE BROWSER EXTENSIONS: These are ways by which a hacker launches a browser extension on web browsers. When you install such an extension in your web browser and provide your secret details to it, your information is collected by the hacker and your savings are exposed. The targeted wallets for these operations are the Ledger wallet, Trezor wallet, Jaxx wallet, Electrum wallet, MyEtherWallet, Exodus wallet and KeepKey wallet.

The hacking method applied by these extensions is PHISHING. The aim is to get your secret keys, mnemonic phrases, private keys and keystore files. Once you download this fake extension and enter your details, it sends an HTTP POST request to its backend, i.e. it sends your information to the designers of such malicious apps.

MODE OF INSTALLATION: Most apps appear in our Google search, for most of us that use the Google search engine. The picture below is a perfect example.

https://imgur.com/a/WoHyPJX


Let's make it clear, guys. One thing is certain: whatever browser you are using to access the internet, all of them are in business and are making money. These hackers can spend huge money on marketing their fake products. They pay marketing companies huge money to market their brands. They also have a huge number of people that post positive feedback from using these apps. The Google platform is also an open source and allows everyone to taste and upload whatever content he/she has, making it an easy target for users that fail to verify an app properly before using it.

As of today, the number of fake cryptocurrency extensions hitting our browsers is gradually increasing. Reports have it that there is a 63% increase in fake browser extensions this APRIL 2020. We might see more. Ledger wallet remains the top most hit.

SAFETY

To stay safe, there are ways by which we can avoid these extensions.
1; Make sure you install trusted extensions from wallet providers by visiting their website or social media platform to get directions on what to install and how to install it. AVOID THE "I think I know everything" to avoid losing your funds.

2; Know the permissions that have been assigned to the extensions in your browser. Most of us use the Chrome browser. Better check the Chrome extensions link chrome://extensions/ and click the details tab to get a better understanding of the permissions given to the installed extension. If you do not feel safe, consider removing the extension.
3; You can set up a separate browser for your crypto dealings to limit any kind of attack on your accounts.

ANOTHER IMPORTANT means of reducing such installations is by making sure your Google search doesn't allow FAKE ADS. Just like the picture below:
https://imgur.com/a/WoHyPJX

If your Google search results show ads, kindly reset your browser to its default (Chrome, Explorer, Opera) to remove any malicious adware in your browser or computer. Most ads appear as a result of adware hiding in our systems.
THIS IS VERY IMPORTANT.

Chrome users can follow this link to resolve issues regarding ads and fake adverts appearing in your Google search.
https://support.google.com/chrome/answer/2765944?visit_id=637225009087907484-1666743145&rd=1

Thanks.
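
Added example, not part of the original post: the permission check from point 2 above, run over extension manifests on disk instead of one details page at a time. It assumes Chrome's `<extension id>/<version>/manifest.json` layout under a profile's `Extensions` folder; the set of permissions flagged is this example's own choice, and the sample manifest is constructed.

```python
import json
from pathlib import Path

# Host patterns that give an extension access to every site you visit.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions worth a second look (the selection is an assumption).
SENSITIVE_APIS = {"tabs", "webRequest", "cookies", "clipboardRead",
                  "history", "nativeMessaging", "management", "debugger"}
KEYS = ("permissions", "optional_permissions", "host_permissions")

def _items(value, kind):
    """Manifests are untrusted input: keep only list items of the expected type."""
    return [v for v in value if isinstance(v, kind)] if isinstance(value, list) else []

def audit_manifest(manifest):
    """Return sorted findings for one parsed manifest.json (V2 or V3)."""
    findings = set()
    for key in KEYS:  # V2 mixes host patterns into "permissions"
        for perm in _items(manifest.get(key), str):
            if perm in BROAD_HOSTS:
                findings.add(f"host access to all sites: {perm}")
            elif perm in SENSITIVE_APIS:
                findings.add(f"sensitive API: {perm}")
    for script in _items(manifest.get("content_scripts"), dict):
        for pattern in _items(script.get("matches"), str):
            if pattern in BROAD_HOSTS:
                findings.add(f"content script on all sites: {pattern}")
    return sorted(findings)

def scan_extensions(ext_root):
    """Audit each <ext_root>/<extension id>/<version>/manifest.json."""
    report = {}
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        name = f"{path.parent.parent.name}/{path.parent.name}"
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            found = audit_manifest(manifest)  # AttributeError if not a JSON object
        except (OSError, ValueError, AttributeError):
            found = ["unreadable manifest"]
        if found:
            report[name] = found
    return report

# Constructed sample, not a real extension: a "wallet helper" asking for too much.
SAMPLE = {
    "manifest_version": 2,
    "name": "Example Wallet Helper",
    "permissions": ["storage", "tabs", "<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}],
}
```

Point `scan_extensions` at the `Extensions` folder of a browser profile. An empty result only means no broad permission was requested; an extension that asks for a recovery phrase in its own popup may need none of them.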
coupable
Hero Member
*****
Offline Offline

Activity: 1246
Merit: 570


View Profile
April 14, 2020, 11:58:29 PM
 #2

Great topic. Thank you op for sharing the info.
It's important to know that browser extensions in general are not that safe if you use the navigator to access or manage your crypto wallet or if you use the same device to store crypto and use it for daily tasks.
I would always recommend managing funds on an offline device or on an independent one. A separate device for crypto dealings is safer than thinking about just a separate navigator on the same device.
arbiter5
Member
**
Offline Offline

Activity: 202
Merit: 96

CSW is a fraud.


View Profile WWW
April 15, 2020, 01:08:21 AM
 #3

Sorry, but don't we have like more than a dozen topics concerning browser extension scams already? At this point it's getting super redundant that people are pretty much creating the same topics over and over again for the sake of merits.

"The cybereconomy could well be the greatest economic phenomenon of the next thirty years."
— The Sovereign Individual
UserU
Full Member
***
Offline Offline

Activity: 868
Merit: 170


VGOSKINZ.COM - Best Paying BTC Sites and Exchanges


View Profile WWW
April 15, 2020, 04:53:30 AM
 #4

Sorry, but don't we have like more than a dozen topics concerning browser extension scams already? At this point it's getting super redundant that people are pretty much creating the same topics over and over again for the sake of merits.

Touché. As if we don't have other non-crypto scams to worry about :D

Kemarit
Legendary
*
Offline Offline

Activity: 1918
Merit: 1288



View Profile
April 15, 2020, 07:29:34 AM
 #5

Someone already shared it here: fake Electrum, MEW and MetaMask. Lately though, it looks like cyber criminals are targeting Chrome Web Store extensions, so everyone should be careful. If you find one, simply report it so that you can stop it from harming crypto enthusiasts, especially newbies. Also, you can install AdBlock or uBlock.

iCrypto2
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
April 15, 2020, 10:38:52 AM
 #6

Do we have a depository thread that shows or provides a consolidated and updated list of all suspected or confirmed fake browser extensions (targeting your crypto), that's been verified by bitcointalk users?

If not, maybe we could create one by simply combining other threads of the same topic, just to simplify the consolidated info if that's possible.
joniboini
Legendary
*
Offline Offline

Activity: 1218
Merit: 1486


Be careful of impostor. Ask for a signed message.


View Profile
April 15, 2020, 11:26:34 AM
 #7

I don't recall threads like that (or maybe I missed it). You can create it if you want to, but I doubt it will be effective. Sometimes it will get ignored and the irresponsible OP will say "sorry I didn't know somebody posted it before" or point out a very small difference in the content that doesn't actually matter at all. Just because they want to get more attention by creating new topics.

o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1218
Merit: 5781


Wear a mask, slow the spread


View Profile
April 15, 2020, 03:02:00 PM
Merited by DdmrDdmr (1)
 #8

Do we have a depository thread that shows or provides a consolidated and updated list of all suspected or confirmed fake browser extensions (targeting your crypto), that's been verified by bitcointalk users?
Such a list would be irrelevant and almost immediately inaccurate.

First of all, there is no way to possibly list every malicious browser extension. There are far too many. Listing all the confirmed malicious ones would lead to newbies getting a false sense of security when installing one which isn't on that list.

Secondly, keeping such a list up to date would be similarly impossible. There are plenty of examples of software, apps, extensions, add-ons, etc. which started out honest, and after they had been downloaded enough times, the developer quietly pushed a malicious update which was auto-downloaded on to thousands of devices. There are also plenty of examples of developers adding malicious code to various libraries or dependencies which honest software will pull from.

Your default position should be that every browser extension is potentially malicious and poses a risk to both you, your data, and your cryptocurrency. You should only be using open source extensions which are absolutely necessary, such as uBlock Origin and HTTPS Everywhere. The vast majority of browser extensions are simply unnecessary.

DdmrDdmr
Legendary
*
Offline Offline

Activity: 1148
Merit: 4774


#eshoradebitcoin


View Profile WWW
April 15, 2020, 04:22:37 PM
 #9

Google just recently took down 49 Crypto-Stealing Chrome Extensions from Google's Store. Many of these were publicized through Google Ads (nice tightly-coupled ecosystem here), which kind of led to the thread being pulled, whereas that is not often going to be the case, and they will be placed and replaced on the store without too much effort.

The article sounds like a "big" bust, but it's probably a one-off, or a once-in-a-while type of bust, being the greater part dealt by individuals reporting them, and thus, after someone likely has gone and installed the extension to act in all its splendour.

Interestingly enough, the above linked article points to the basis of the bust being PhishFort, who highlights the modus operandi of these crooked extensions (see https://www.phishfort.com/blog/chrome-extension-phishing). Most of those 49 extensions seemed to be run by the same guy/group, who would send the phished data to a common set of backends and/or a GoogleDocs form. Ledger was the most targeted type of wallet (57% of the 49 reported extensions). A drop in the ocean probably ...

libert19
Sr. Member
****
Offline Offline

Activity: 1330
Merit: 265


First 100% Liquid Stablecoin Backed by Gold


View Profile WWW
April 16, 2020, 04:25:50 AM
 #10

Aside from resetting the browser, use an adblocker to get rid of ads.

BayAngelo
Member
**
Offline Offline

Activity: 658
Merit: 17


View Profile
April 16, 2020, 06:04:21 AM
Merited by Banadony (1)
 #11

I wish people would continue to understand that, daily, new methods of hacking are being targeted at internet users. In such a case everyone should always know the latest update of the wallet extensions being used. Most times, these hackers successfully maneuvered the real but applications. Always remember to update your browser to stay up to date on current extensions.
