Search engine giant Google (NASDAQ:GOOG) has reportedly removed several Chrome browser extensions that were impersonating widely used cryptocurrency wallet service providers, including popular hardware wallet maker Ledger and MetaMask.
The removal comes about a month after Google took down around 50 similar extensions, according to a recent report from Sophos, a cybersecurity company.
On May 9, 2020, Naked Security, a news media outlet managed by Sophos, revealed that Google had removed 22 more malicious Chrome extensions, which were flagged by Harry Denley, an internet security researcher working at MyCrypto, a popular digital asset wallet provider.
It seems that these fake extensions have been appearing almost as fast as they are being identified and removed. In April 2020, Google had to take down 49 other malicious extensions after Denley pointed them out in a company blog.
Denley said that these extensions had been falsely claiming to be associated with MyEtherWallet, Trezor, Ledger, MetaMask, and Electrum wallet providers.
A fake extension may present a user interface that closely resembles one of these legitimate services, in an attempt to trick unsuspecting users into giving up their passwords, private keys, or seed (mnemonic) phrases.
These types of scams have been going on for a long time. As reported by Cisco’s Talos cybersecurity team in early 2018, a Ukrainian hacker group, called Coinhoarder, had allegedly stolen over $50 million in digital currency from users of the popular Blockchain.info wallet (now accessible from Blockchain.com).
The cybercriminals had carried out the heists by buying Google Ads tied to keywords commonly used in searches for Bitcoin (BTC) and other cryptocurrencies.
When users searched for these terms, which reportedly included “Bitcoin wallet” and “blockchain,” they were shown links to fake websites. The links used “spoofed” domains with misspelled words or inserted symbols, such as “block-chain.info” and “blockchien.info/wallet.”
Many users clicked these links and were taken to websites that looked similar to the legitimate ones. Users then entered their private passwords on these fraudulent sites, and the hackers used those details to access the victims' actual crypto wallets and clean out their accounts.
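The spoofed domains quoted above can be flagged by comparing a link's hostname against the genuine domains it might imitate. The Python below is an added example, not code from the article, Sophos or Talos; the allowlist contents, the function names and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Genuine wallet domains named in the article (assumed allowlist for this example).
LEGIT = ("blockchain.info", "blockchain.com")


def hostname(url):
    """Return the lowercase hostname of a full URL or a bare 'host/path' string."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat the first component as the host
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(url, legit=LEGIT, max_dist=2):
    """Return (verdict, matched_domain) for a link.

    'legitimate': the host is an allowlisted domain or one of its subdomains.
    'lookalike' : the host, with hyphens removed, is within max_dist edits of
                  an allowlisted domain (covers inserted symbols and misspellings).
    'unrelated' : anything else.
    Homoglyph (Unicode confusable) hosts are out of scope for this check.
    """
    host = hostname(url)
    if host in legit or any(host.endswith("." + d) for d in legit):
        return ("legitimate", host)
    squashed = host.replace("-", "")
    best = min(legit, key=lambda d: edit_distance(squashed, d))
    if edit_distance(squashed, best) <= max_dist:
        return ("lookalike", best)
    return ("unrelated", None)


if __name__ == "__main__":
    # The first two samples are the spoofed links quoted in the article.
    for link in ("block-chain.info", "blockchien.info/wallet",
                 "https://www.blockchain.com/wallet", "example.org"):
        print(link, "->", classify(link))
```

A check like this fits in a mail or proxy filter, or in a review of ad landing pages, where the set of brands worth imitating is small and known in advance.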