Over 60 Chrome browser extensions have been stealing private keys from the cryptocurrency wallets of users, Harry Denley revealed. Denley is a security researcher and director of security at MyCrypto, an open-source tool for generating ether wallets and handling ERC-20 tokens.
In April, Denley reported that 49 fake Chrome browser extensions were posing as legitimate cryptocurrency wallet extensions. These fake extensions had in them malicious code that stole non-public keys, mnemonic phrases, and keystore information. Denley notes that these fraudulent extensions appear to be of Russian origin, and even had a network of fake 5-star user ratings or positive feedback.
The most attacked wallet was Ledger, which accounted for almost 57% of the malicious browser extensions. Trezor, Jaxx, Electrum, Myetherwallet, Metamask, Exodus, and Keepkey were other cryptocurrency wallets targeted by the fake Chrome browser extensions. Chrome subsequently removed these 49 phishing browser extensions.
Earlier this week, Denley and his team reported another 22 fraudulent extensions. Most of these have since been removed by Chrome.