This Chrome Extension Was Caught Stealing Passwords and Keys

Shitcoin Wallet is an extension for Google Chrome that lets users create their own crypto wallet and manage it through their browser. There is also a Windows app if users want to manage their coins and wallet outside the browser’s environment.

The extension’s blog post reads:

Your wallet is 100% secure and you don’t need to worry about assets loss due to any hacker attack to ShitcoinWallet servers. Currently ShitcoinWallet is supported on Chrome.

However, cybersecurity expert Harry Denley has discovered that the extension contained malicious code and was stealing passwords and private keys for wallets.

The extension would inject a malicious JavaScript code once a user would navigate to a cryptocurrency management platform. This code would steal the user’s login credentials and private keys and send them to a third party website erc20wallet[.]tk

As of now, it is unclear whether the Shitcoin Wallet developer team created the extension to steal private keys or if it was compromised by a third party. The developer team has not responded to a request for comment.

The malicious extension has now been removed from the Chrome Web Store, but it has reportedly gained over 625 installs already.

Users are advised to remove the extension immediately until further notice.


The PSL 2020 is almost here! Want to know everything about it? Visit the pages below (Live stream will be available when the matches begin).
PSL Live Streaming PSL Points Table | 2020 PSL Teams PSL 2020 Schedule PSL 2020 Highlights PSL 2020 Statistics


>