Chrome extension could steal credentials and private keys from cryptocurrency wallets
Google has removed a Chrome extension masquerading as a cryptocurrency wallet from its browser. The extension stole passwords and private keys from other online crypto wallets. It mainly concerned Ethereum.
The application was called Shitcoin Wallet and has since been removed from Chrome. However, its website is still up and running. The extension had been available for download since early December and had been downloaded 625 times there. Shitcoin Wallet was a cryptocurrency wallet that allowed users to manage their Ethereum and Ethereum ERC20 tokens. A security researcher from MyCrypto discovered that the extension also contained code that attempted to steal coins from other cryptocurrency platforms.
The extension did that by injecting malicious JavaScript code into the browser when the user visited particular websites. This concerned 77 websites, mainly news websites from America, Australia and New Zealand. That code was only deployed when users went to one of five major cryptocurrency websites, such as Binance or NeoTracker. When a user logged in there, the extension stole login credentials, as well as private keys from crypto wallets that users had on those websites. The data was then forwarded to a command-and-control server.
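An extension can only inject script into pages its manifest grants it access to, so a defender can review that access before installing. The following is an added example, not code from the article or from the extension: it checks a manifest's Chrome match patterns against a watchlist of sensitive hosts. The watchlist hostnames and the sample manifest are constructed assumptions.

```javascript
// Added example: audit a Chrome extension manifest for host access to sensitive sites.
// WATCHLIST hostnames are assumptions for illustration (the article names Binance and NeoTracker).
const WATCHLIST = ["www.binance.com", "neotracker.io"];

// Extract the host part of a Chrome match pattern, or null if it is not a host pattern.
function patternHost(pattern) {
  if (pattern === "<all_urls>") return "*";
  const m = /^(\*|https?):\/\/(\*|\*\.[^/*:]+|[^/*:]+)(\/.*)?$/.exec(pattern);
  return m ? m[2].toLowerCase() : null;
}

// True when a match pattern grants access to the given host.
function patternCoversHost(pattern, host) {
  const p = patternHost(pattern);
  if (p === null) return false;
  if (p === "*") return true;
  if (p.startsWith("*.")) {
    // "*.example.com" covers example.com itself and every subdomain.
    const suffix = p.slice(2);
    return host === suffix || host.endsWith("." + suffix);
  }
  return p === host;
}

// Collect every place a manifest can declare host access (Manifest V2 and V3 keys).
function declaredPatterns(manifest) {
  const out = [];
  for (const cs of manifest.content_scripts || [])
    for (const p of cs.matches || []) out.push({ source: "content_scripts", pattern: p });
  for (const key of ["permissions", "optional_permissions", "host_permissions"])
    for (const p of manifest[key] || [])
      if (typeof p === "string" && patternHost(p) !== null) out.push({ source: key, pattern: p });
  return out;
}

// Return one finding per (declared pattern, watched host) pair that overlaps.
function auditManifest(manifest, watchlist = WATCHLIST) {
  const findings = [];
  for (const { source, pattern } of declaredPatterns(manifest))
    for (const host of watchlist)
      if (patternCoversHost(pattern, host.toLowerCase())) findings.push({ source, pattern, host });
  return findings;
}

// Constructed sample manifest (not the real extension's manifest).
const SAMPLE = {
  name: "Example Wallet", manifest_version: 2,
  permissions: ["storage", "*://*.binance.com/*"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }],
};
console.log(auditManifest(SAMPLE));
```

A wallet extension that requests access to unrelated exchanges or to `<all_urls>` deserves a closer look at what its content scripts do on those pages.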
A desktop application of Shitcoin Wallet was also available. The security researchers have not found similar code in either the 32-bit or the 64-bit version. According to ZDNet, several users of the application are complaining on social media that strange code seems to be running in the app.