Google Deletes 22 Crypto Stealing Chrome Extensions

Google Deletes 22 Crypto Stealing Chrome Extensions

Last updated on November 1st, 2022 at 01:18 pm

As malicious extensions continue to spring up on the Chrome browser, Google has continued to cut them down. The tech giant deleted another 22 such extensions recently.

49 Malicious Extensions Discovered

Last month, Harry Denley, a security researcher, discovered 49 malicious Chrome extensions phishing cryptocurrency users. On first notice, Google deleted them immediately.

The extensions were camouflaged as legitimate Chrome extensions for cryptocurrency wallets. However, when they are installed, they steal the private keys of the users. They also steal access to other digital wallets to set the precedence of stealing victims’ funds through their authors.

While responding to questions from the press, Denley reveals he discovers new malicious extensions almost every day. According to him, the 22 extensions impersonated Jaxx, MetaMask, KeepKey and Ledger wallets.

Google Has Been Responsive

At the time of writing, Google has already deleted most of the offending wallets and according to Denley, the tech giant has been quite responsive.

When asked about Google’s response towards the discoveries, he said, “Yeah, they have been, for the majority. Actioned my reports within 24 hours.”

Google Announces New Rules For Chrome Store

Lately, there have been a series of problems caused by malicious extensions on the Google Chrome Web Store. As a result, Google is announcing a new change of rules to the store.

The company said the new rule will ensure that the user discovering a Chrome Web Store extension is not saddened by misleading functionalities, fake reviews or copycats.

The new rule forbids misleading metadata such as anonymous user testimonials in the descriptive sections of apps. It also prevents developers from publishing different extensions that tend to mislead users.

Google also prohibited developers from uploading extensions to launch another extension or app. The company also said the developers are not allowed to send spam notifications.

Google is giving developers until August 27, 2020, to adjust their extensions and start complying with the new rules. It says it will delete any app that doesn’t comply with the rules from that point.

It’s believed that the new rules on the extensions on Chrome Web Store were necessary to curb the high rate of malicious extensions within the Chrome store.

However, lead developer at MetaMask, Dan Finlay, has pointed out one challenge the tech giant is facing. He said Google still allows phishing ads that are directed at fake extensions, which could be a result of weakness in its manual extension review process.

Finlay reiterated that when he noticed the issue, he reported to Google, but the company has not replied. He said he had sent bug reports and trademark notices but there’s no response yet from the company. He wants a situation where Google can block other ads or extensions from using the Metamask name.

With more than 1,000,000 users of the official MetaMask extension, Google should have a strategy to block potential fake extension camouflaging as the MetaMask extension, he said.

But instead, Google has blocked most bogus cryptocurrency extensions while one fake MetaMask extension was still running with 380 users. Security researchers are advising users to always look at the reputation of developers before installing their extension. Users should also read reviews on the app’s description to reduce the risk of installing malicious extensions.


The information provided here is for INFORMATIONAL & EDUCATIONAL PURPOSES ONLY!

View our complete disclaimer on our Disclaimer Page