Crypto malware targeting MyEtherWallet claims 230 victims

Getting your Trinity Audio player ready...

A cryptocurrency malware targeting Blockchain.com and MyEtherWallet users was downloaded over 200 times before Google deleted it. The malware presented itself as a tool to prevent the users from cryptojacking malware.

The malware, which disguised itself as a harmless Google Chrome browser extension, was discovered by Harry Denley, a security researcher behind the crypto security database, EtherscamDB.

Some 230 Chrome users had already downloaded the extension before Google took it down. On the Chrome Web Store, the extension went by the name NoCoin – Block Coin Miners.

“From the start, it looked like it did what it should — it was detected various CryptoJacking scripts (CoinHive, MinerAlt, WebminerPool) and there was a nice UI to let me know it was doing its job,” Henley wrote.

The extension required its users to input their public addresses so as to participate in the fake Huobi airdrop. For those who did, it redirected them to a fake Huobi Global site. This site prompted the users to input their private addresses. As soon as they did, the hackers would gain access to their crypto wallets and drain them immediately.

Henley further advised crypto owners to be on the lookout as such phishing scams have become worryingly common. For one, you should never “install a browser extension that has the ability to modify the DOM that you/trusted source has not audited,” he wrote. 

You also shouldn’t “blindly trust legitimate looking warnings to get you to install software.” Hackers take advantage of most people’s unwavering trust in any program that seems to be protecting them.

And lastly, you should “never enter your secrets online — always use an offline signing mechanism,” he concluded. Offline signing mechanisms such as Trezor and Ledger ensure that you have that one more layer of protection should hackers decide to target you.

Malware targeting cryptocurrencies have become quite common as cryptos increase in popularity. It has also become very versatile to adapt to the efforts of the security experts who try to stop them. As we recently reported, one new malware named Razy was able to discover crypto addresses on various websites and replace them with the hackers’ addresses. For those who don’t double-check addresses before sending a transaction, they could end up playing right into the hackers’ hands.