Fraudulent web browser extensions that steal cryptocurrency are on the rise, according to researchers from MyCrypto. The researchers found that fraudsters are using paid advertising campaigns to push their products to the top of Google search results, so that a growing number of unsuspecting users download them and have their crypto stolen.
Threats on the Rise
The fraudulent browser extension hack has been known about for some time (we have been reporting on such scams since late 2018), and the endeavor has clearly been profitable enough for hackers to expand the enterprise. MyCrypto researchers found that all the major wallet providers were targeted, from hardware wallet makers Ledger and Trezor to software wallet makers Jaxx, Exodus, and Metamask.
The hackers use Google adverts to promote fraudulent browser extensions, claiming that they are add-ons that allow for easy interaction with the wallet. Crucially, however, the links seldom, if ever, take the user to the official extension store for that browser; instead the extension is downloaded directly from the hackers.
Don’t Fall for the Reviews
MyCrypto reports that hackers are phishing for secrets, such as mnemonic phrases, private keys, and keystore files. The user is asked to enter these details in the setup process, which the hackers will then use to remotely access the wallet and empty the account.
Those that do make it to the extension stores often come with a large number of five-star reviews, all submitted by a network of fake reviewers in an attempt to make the extension seem legitimate. However, the reviews are often short (fewer than 10 words), generic and very similar to one another, making it clear that they have been fabricated.
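The review pattern described above (short, generic, near-identical reviews) can be turned into a simple screening heuristic. The following is an added example, not code from this article or from MyCrypto; apart from the 10-word cutoff the article gives, its thresholds and the sample reviews are constructed assumptions.

```python
# Added example (not from the article or MyCrypto): a heuristic that encodes
# the two signals the text describes, very short reviews (under 10 words)
# and reviews that are near-duplicates of each other. Thresholds other than
# the 10-word cutoff and the sample reviews are constructed assumptions.
import re
from itertools import combinations
from statistics import mean

SHORT_WORDS = 10    # from the article: fabricated reviews are "less than 10 words"
SHORT_SHARE = 0.8   # assumption: flag when 80% or more of the reviews are short
SIMILARITY = 0.5    # assumption: mean pairwise Jaccard at or above this is suspicious

def tokens(text: str) -> set[str]:
    """Lower-cased word set with punctuation stripped."""
    return set(re.findall(r"[a-z0-9']+", text.lower()))

def jaccard(a: set[str], b: set[str]) -> float:
    """Vocabulary overlap between two reviews (1.0 = identical word sets)."""
    return 1.0 if not a and not b else len(a & b) / len(a | b)

def review_stats(reviews: list[str]) -> dict[str, float]:
    """Share of short reviews and mean pairwise vocabulary similarity."""
    word_sets = [tokens(r) for r in reviews]
    short = sum(len(r.split()) < SHORT_WORDS for r in reviews)
    pairs = list(combinations(word_sets, 2))
    sim = mean(jaccard(a, b) for a, b in pairs) if pairs else 0.0
    return {"short_share": short / len(reviews), "mean_similarity": sim}

def looks_fabricated(reviews: list[str]) -> bool:
    """True when a review set is both mostly short and mostly near-duplicate."""
    if len(reviews) < 3:
        return False  # too few reviews to judge a cluster
    s = review_stats(reviews)
    return s["short_share"] >= SHORT_SHARE and s["mean_similarity"] >= SIMILARITY

# Constructed sample data: a fabricated-looking cluster and an organic-looking set.
FAKE_REVIEWS = [
    "Great extension, works perfectly!",
    "Great extension works perfectly",
    "Works perfectly, great extension.",
    "Great extension! Works perfectly",
]
ORGANIC_REVIEWS = [
    "It asked for my seed phrase during setup, which no real wallet add-on needs, so I removed it.",
    "Fine for viewing addresses, but the popup freezes whenever I open more than one tab.",
    "Works, though I wish the link had gone to the vendor's own site instead of an ad.",
]
```

Calling `looks_fabricated(FAKE_REVIEWS)` returns True and `looks_fabricated(ORGANIC_REVIEWS)` returns False; the thresholds are a starting point to tune against a store's real review data, not a verdict on any single review.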
Ledger Targeted the Most
MyCrypto suggests that the numbers have increased dramatically in 2020 alone, although this could be down to improved detection methods as well as an increase in threats:
They also claim that Ledger is the most targeted brand, with the reasoning potentially down to its popularity:
What we know for sure is that it’s working – only two weeks ago, an XRP holder lost all her holdings when she installed a fraudulent Ledger extension for the Chrome browser.
Our advice is to avoid all browser extensions if possible, but if you must install one, make sure you access it from the official website of the wallet maker and not through any adverts.