Be wary if you come across ads that promote an airdrop distributing tokens for popular cryptocurrency exchange desk Huobi: the offer might be fake, and you might be getting swept into an elaborate ploy designed to steal your coins.
Security researcher Harry Denley, who maintains popular anti-phishing database EtherscamDB, has unearthed a phishing campaign that tricks victims into downloading a malicious Chrome extension, programmed to get hold of their wallets' private keys.
What makes the attack vector particularly sneaky is that the Chrome extension – called NoCoin – was disguised as an app to block surreptitious cryptocurrency mining (also known as crypto-jacking). Indeed, the malicious extension looks pretty much identical to popular crypto-jacking blocker, MinerBlock.
To get users to download the infected extension, the hackers built a fake ERC20 token named after Huobi. The token was distributed via a website, which despite claiming to be an airdrop platform, invited visitors to download the malicious app.
Once installed, the fake mining blocker targeted users of wallet solutions MyEtherWallet and Blockchain.com.
The malicious extension had been downloaded by at least 230 users, according to screenshots provided by Denley. Fortunately, Google has since wiped it from the Chrome Web Store.
For the record, this isn’t the first time hackers have managed to sneak malware past Google’s defensive mechanisms. Last year, an investigation by Hard Fork found Google hosted a disturbing amount of cryptocurrency malware on its Android software distribution platform Google Play.
For those interested in a closer look at the elaborate phishing scam, Denley has detailed it in a Medium post.
Published March 15, 2019 — 11:45 UTC