Geeks for your information

Malicious Google Web Extensions Harvest Cryptowallet Secrets
Quote: Large campaigns that are spreading malicious browser extensions are abusing Google Ads and well-known cryptocurrency brands to draw in victims.
 
Extensions can be installed to add widgets or other functionality to web browsers; they offer the ability to do everything from setting a special search wallpaper to displaying continuous weather data to language translation. This group also includes things such as ad blockers and security scanning – and cryptocurrency wallet/mining/trading shortcuts.
 
Researchers from MyCrypto recently found several fake extensions that purported to be of use to cryptocurrency users, for offer inside Google’s web store (now removed). In reality, they harvested information that could be used to take over crypto-wallets and drain accounts – specifically, mnemonic phrases, private keys and keystore files, according to the researchers.
 
To lure victims to their nefarious wares, the extensions impersonated legitimate brands, including Electrum, Exodus, Jaxx, KeepKey, Ledger, MetaMask, MyEtherWallet and Trezor; and were being promoted via a malvertising campaign that takes advantage of Google Ads.
 
“Whilst the extensions all function the same, the branding is different depending on the user they are targeting,” according to the analysis, published on Tuesday.

Read more: https://threatpost.com/malicious-google-...et/154832/