Google recently removed 49 phishing Google Chrome web browser extensions after receiving reports about their activity.

Harry Denley, director of security at cryptocurrency wallet startup MyCrypto, explained in an April 14 Medium post how he got the extensions removed from Chrome's store within 24 hours with the help of phishing-specialized cybersecurity firm PhishFort.

The removed extensions include ones that targeted the owners of hardware wallets produced by Ledger, Trezor and KeepKey, and users of software wallets Jaxx, MyEtherWallet, Metamask, Exodus and Electrum.

The extensions prompted users to enter the credentials needed to access the wallet — such as mnemonic phrases, private keys and keystore files — and sent them to bad actors. Hackers were then able to steal the crypto assets contained in the wallets.

Some of the extensions also had fake five-star ratings in the Chrome extension store, but the reviews contained little to no information, ranging from "good" and "helpful app" to "legit extension."

One of the extensions reportedly had the same review copied and pasted eight times by different users. The copypasta included an introduction to Bitcoin (BTC) and explained why MyEtherWallet — the extension's targeted wallet — was the preferred wallet option. It is worth noting that MyEtherWallet does not actually support Bitcoin.

One bad actor controlled most extensions

The investigation uncovered 14 control servers behind all the extensions, but fingerprinting analysis revealed that some of the servers were managed by the same bad actors, with the oldest domain being linked to many other control servers. Denley later concluded that the same bad actors were behind most of the extensions.

Some of the domains used in the phishing campaigns were relatively old, but 80% of them were registered in March and April 2022. Most of the extensions were published on Chrome's store this month.

Not the first phishing extensions targeting crypto users

This is not the first time that the community has discovered a malicious Google Chrome browser extension targeting crypto users. As Cointelegraph reported in late March, a Redditor warned the community that he lost some crypto assets after falling victim to a fake Ledger extension.

Google Chrome extensions targeting crypto users are so common that earlier this month MyEtherWallet warned its users that its official extension was removed for allegedly containing malware. Fortunately, the extension was restored shortly after the team contacted Google to solve the issue.

Brett Callow, threat analyst at cybersecurity firm Emsisoft, shared some advice on how to avoid falling victim to such phishing attempts:

"Security products may detect malicious extensions, but the first line of defense should always be common sense. The best advice is to only install extensions from official stores and to do a little research prior to installing them. If a website randomly prompts you to 'Click 'allow' to continue downloading an important browser update,' just close the page."