There is a Chrome Extension Shitcoin Which Can Steal Your Crypto-Keys
The world of the Internet is vast and there are plenty of interesting tools and extensions. Some of these tools and extensions can be trusted, while a handful of these tools cannot be trusted.
Recently, we have come across a similar tool called the Shitcoin which was released on the 9th of December. This particular extension was initially designed to secure Ethereum coins and ERC20 digital tokens. For those of you who aren’t aware of these tokens, these tokens help with the ICO.
Sadly, the wallet app isn’t something that the organization’s CEO has promised the users that it will be. According to Harry Denley who is currently working as the Director of Security at the MyCrypto platform, the Ethereum wallet Shitcoin contains a malicious code which injects itself in different website unannounced. Denley also sheds light on the fact that the extension is harmful to people who rely on the wallet to secure any funds in the form of Ethereum coins or ERC20-based tokens.
Denley exposed a shocking reveal that the Shitcoin wallet is capable of sending private key information of all its wallets to a third-party website located at the following address: erc20wallet[.]tk.
- Users install the Chrome extension
- When users navigate to any of these 77 sites, the extension loads and injects an additional JS file from https://erc20wallet[.]tk/js/content_.js
- This JS file contains obfuscated code [deobfuscated here]
- The code activates on five websites: MyEtherWallet.com, Idex.Market, Binance.org, NeoTracker.io, and Switcheo.exchange
- Once activated, the malicious JS code records the user’s login credentials, searches for private keys stored inside the dashboards of the five services, and, finally, sends the data to erc20wallet[.]tk
There is no clarity yet whether this code on Shitcoin Wallet has been installed by the company itself or a third party, but one thing is for sure, this particular Chrome extension has been compromised.
It is best advised that a user should first scan the website using a tool such as VirusTotal.
Do you enjoy reading this informative piece? If you did then please do let us know what you think. We await your feedback.