Powered by

Inside money, markets, and big tech

Google distributed malicious Chrome app designed to steal your cryptocurrency



Be wary if you come across ads that promote an airdrop, distributing tokens for popular cryptocurrency exchange desk Huobi: the offer might be fake, and you might be getting swooped into an elaborate ploy designed to steal your coins.

Security researcher Harry Denley, who maintains popular anti-phishing database EtherscamDB, has unearthed a phishing campaign that tricks victims into downloading a malicious Chrome extension, programmed to get a hold of your wallet‘s private keys.

What makes the attack vector particularly sneaky is that the Chrome extension – called NoCoin – was disguised as an app to block surreptitious cryptocurrency mining (also known as crypto-jacking). Indeed, the malicious extension looks pretty much identical to popular crypto-jacking blocker, MinerBlock.

Credit: MyCrypto

To get users to download the infected extension, the hackers built a fake ERC20 token named after Huobi. The token was distributed via a website, which despite claiming to be an airdrop platform, invited visitors to download the malicious app.

Once installed, the fake mining blocker targeted users of wallet solutions MyEtherWallet and Blockchain.com.

The malicious extension had been downloaded by at least 230 users, according to screenshots provided by Denley. Fortunately, Google has since wiped it from the Chrome Web Store.

For the record, this isn’t the first time hackers have managed to sneak malware past Google’s defensive mechanisms. Last year, an investigation by Hard Fork found Google hosted a disturbing amount of cryptocurrency malware on its Android software distribution platform Google Play.

For those interested in a closer look at the elaborate phishing scam, Denley has detailed it in a Medium post here.

Did you know? Hard Fork has its own stage at TNW2019, our tech conference in Amsterdam. Check it out.

Published March 15, 2019 — 11:45 UTC

Corona coverage

Read our daily coverage on how the tech industry is responding to the coronavirus and subscribe to our weekly newsletter Coronavirus in Context.

For tips and tricks on working remotely, check out our Growth Quarters articles here or follow us on Twitter.