In line with a recent official ‘web-blog post‘ by a security researcher, Google Chrome browser extension spamming several users into participating in a faux airdrop from cryptocurrency exchange Huobi claimed over 200 victims.
The NoCoin extension for Chrome browser, was able to gain around 230 downloads before Google deleted it, in line with Harry Denley, who operates cryptocurrency scam database named ‘EtherscamDB’.
Denley added that the hackers had designed the malicious extension to seem alike a tool securing users from cryptocurrency malware or so-called ‘cryptojacking‘.
“From the beginning, it looked like it did what it should – it was absolutely detected [sic] numerous Crypto Jacking scripts […] and there was a nice UI to let me aware, it was doing its job,” he explained within the official web-blog post.
Behind the scene, however, it became apparent the extension requests the input of personal keys from renowned wallet interfaces MEW [MyEtherWallet] along with Blockchain.com. Personal keys are then sent to hackers, who can empty wallets of holdings.
The extension lay at the tip of a faux giveaway campaign, apparently from cryptocurrency exchange Huobi exchange, that offered worthless ERC20 Ethereum network-based tokens to unwitting clients.
However, It’s still unknown for how long the extension remained listed for the Google Chrome users.
As reported earlier, bad actors targeting ‘cryptocurrency‘ users have sought progressively wicked ways of tricking novices into managing over access to funds. Just earlier this week, a report discovered cryptojacking as a sign of progressively discreet behaviour among ‘hackers‘.
Google itself has been vulnerable for its own apparent lack of diligence as seen within the past, when earlier in Feb. a ‘faux version‘ of renowned decentralized app MetaMask was found from its ‘Play store‘.