Connect with us

Crypto

PSA: If you own crypto and use this Google Chrome extension, delete it immediately

Is anyone surprised that something called “Shitcoin” wasn’t legit?

cryptocurrency on table with bitcoin, ethereum, shitcoin for google chrome
Image: KnowTechie

If you’re one of the hundreds of users that installed the Shitcoin Wallet extension for Google Chrome, delete it immediately. That’s because it’s also stealing your private keys and login details, as discovered by Harry Denley, Director of Security at the MyCrypto platform, on the last day of 2019.

The wallet extension promised to let users manage their Ether (ETH), cryptocoins, and other ERC20-based coins, but really it was after your crypto cash.

This Chrome extension was found stealing crypto, delete it immediately

Now, before you get the pitchforks out, just know this extension had only been installed by 600 users or so before Google yanked it from the Chrome Store. If you did install it, hopefully, you didn’t go to any of the 77 sites that the malicious code uses as a trigger.

The crypto-jacking extension has a few parts to it, before whoever is responsible for it can steal your cash:

  • The extension needs to be installed by the user
  • Once installed, the extension requests permission to inject JavaScript (JS) on 77 websites
  • Then once the user navigates to any of those sites, the extension loads an additional JS file from https://erc20wallet[.]tk/js/content_.js
  • That JS file then activates on the following sites: MyEtherWallet.com, Idex.Market, Binance.org, NeoTracker.io, and Switcheo.exchange
  • Once activated, the extension scans for login details, private keys inside your user area of those five sites, and then sends all the data to erc20wallet[.]tk

Yikes, that’s the digital version of someone copying your housekeys… We haven’t heard that anyone has lost their crypto coins yet, but be safe out there. Don’t install sketchy looking extensions, don’t hold your crypto assets on exchanges, and set up two-factor authentication on every single account you own that has the feature.

What do you think? Surprised something called ShitCoin is actual shit? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Comments

More in Crypto