Log inRegister

Chrome Extension Could Be Vulnerable to Malware

malwareliveticker
A browser extension for Google Chrome reportedly is capable of stealing bitcoin and other altcoins from its users.Called the Cryptsy Dogecoin (DOGE) Live Ticker in the Chrome Web Store, the extension is susceptible to updates that begin monitoring visits to cryptocurrency exchanges and wallet sites.The warning about the extension was posted on reddit, along with the following advice:“Be careful of what you install on your devices you use to access your wallets.”How it steals coinsSoftware within the extension monitors web activity and looks for users who go to exchange sites such as Coinbase. During a transaction, the extension attempts to replace the receiving address with one of its own.A reddit user reported this happening in a withdrawal from cryptocurrency exchange MintPal, having had the extension installed.Extensions or add-ons that are related to cryptocurrencies are logical for malicious actors to focus on, as cryptocurrency-related software is generally used by those who hold on to coins, making themselves good targets for theft.Malware on the riseThe presence of cryptocurrency-related malware is on an upward trend. The rising value of coins, coupled with the increasing number of altcoins has essentially created a new cottage industry whereby malicious software tries to steal virtual money.Dell SecureWorks released a report in February stating that it had identified almost 150 different strains of bitcoin-related malware.Another sought-after method of malware infects a device and tries to generate coins by mining, which is not very effective given the specialized hardware now required to complete proof-of-work algorithms that reward miners.Ultimately, it ends up being a huge resource drain for users’ machines. Or, as in this instance, a seemingly useful tool like the Cryptsy Dogecoin Live Ticker ends up being used for nefarious purposes.Protecting coinsIt’s important to choose an exchange or wallet service that enables two-factor authentication. This method of verifying actions requires more than one device, which can decrease the chances of malware to make changes to transactions. Java 7 exploits continue to be an issue on PCs. Source: CiscoJava 7 exploits continue to be an issue on PCs. Source: CiscoIt might be better to simply store coins in a brain wallet or paper wallet. Bitcoin Vigil, which monitors bitcoin theft, is a concept that may be useful for thwarting thieves since even storing coins on a local machine connected to the internet has vulnerabilities.In the case of Cryptsy Dogecoin Live Ticker, it is probably better to simply stay away from add-ons and extensions because of the risks.Malware image via ShutterstockBitcoin VigilCiscoCryptsy Dogecoin Live TickerDell SecureWorksGoogle Chrome ExtensionsJavalocalbitcoinsmalwaremining malware
Original author: Daniel Cawrey