Security Alert: Chrome Extension Stealing Cryptocurrency Keys and Passwords
Security Alert: Chrome Extension Stealing Cryptocurrency Keys and Passwords
Security expert Bruce Schneier reports: A malicious Chrome extension surreptitiously steals Ethereum keys and passwords:
According to Denley, the extension is dangerous to users in two ways. First, any funds (ETH coins and ERC0-based tokens) managed directly inside the extension are at risk.
Denley says that the extension sends the private keys of all wallets created or managed through its interface to a third-party website located at erc20wallet[.]tk.
Second, the extension also actively injects malicious JavaScript code when users navigate to five well-known and popular cryptocurrency management platforms. This code steals login credentials and private keys, data that it's sent to the same erc20wallet tk third-party website.
https://www.zdnet.com/article/chrome-extension-caught-stealing-crypto-wallet-private-keys/
Lol, anybody that install an extension called that is just asking for it , lol