Ethereum Wallet on the Chrome Browser Has Malicious JavaScript to Steal Users’ Private Keys

In the latest news, a Google Chrome extension has been injecting malicious JavaScript into several webpages to steal private keys and passwords from users’ cryptocurrency portals and wallets.

The extension, dubbed “Shitcoin Wallet”, was launched last month, on December 9, 2019. According to its specifications, the wallet can manage users’ ETH tokens along with other ERC-20-based tokens on the Ethereum network, issued through ICOs.

The Chrome extension of the Shitcoin Wallet can manage users’ ETH and ERC-20 tokens directly from the browser. The wallet also offers a Windows desktop application for users who want to manage funds from outside the browser.

However, on December 31st, Harley Denley, the director of security at MyCrypto Platform, found that the wallet extension carries malicious code. He found that the extension sends the private keys of all wallets created and managed through its interface to a third-party website.

Denley therefore stated that any funds managed directly through this extension are at risk of being lost. Second, Denley found that the extension injects malicious JavaScript code into pages as users navigate to other popular cryptocurrency platforms.

This code then steals users’ login credentials and private keys and sends the data to a third-party website, erc20wallet[.]tk.

According to Denley, this malicious code can severely affect platforms such as the Ethereum interface MyEtherWallet, the crypto platform Binance, the decentralized exchange IDEX, SwitcheoNetwork, and the NEO site NEOTracker.

So far, the Shitcoin Wallet has over 600 installs and, surprisingly, it is still available for download on the Google Chrome Web Store.

More broadly, Ethereum applications have recently been going through a number of issues. MetaMask, a decentralized app browser and leading Ethereum wallet, recently said that its Android client has been suspended from the Google Play App Store.

However, the tech giant responded that MetaMask had violated Google’s financial services policies, which include a special clause on blockchain applications that enable crypto mining on mobile devices.

Recently, Google-owned YouTube has been deleting several channels related to Bitcoin and cryptocurrencies. Apart from Google, Apple has also been eliminating the use of apps from the Google Play Store.