More fake digital currency wallets on Google taken down

Getting your Trinity Audio player ready...

Google is taking down yet another batch of fake wallets and malicious extensions on its Chrome browser. The extensions impersonate legitimate wallets but end up stealing the victims’ private keys and their digital currencies.

Harry Denley, a security researcher for MyCrypto wallet, identified 22 extensions on Google’s Chrome Web Store impersonating a number of wallets, including Ledger, MetaMask, KeepKey and Jaxx wallets.

Speaking to Naked Security, an IT news platform by cybersecurity firm Sophos, Denley revealed that he finds new ones every day.

This takedown comes just three weeks after Denley reported 49 malicious extensions on the Chrome browser. These extensions impersonated wallets such as Trezor, Ledger, Exodus, Electrum and MyEtherWallet. As CoinGeek reported then, the extensions would steal such information as mnemonic phrases, keystore files and private keys. Denley’s research attributed most of the extensions to hackers in Russia.

Chrome is by far the largest browser globally, commanding over 70% of the market. With over 200,000 browser extensions in its Web Store, it can be difficult to police the platform. However, this is no excuse, insists Dan Finlay, the lead developer at MetaMask, a digital currency wallet. MetaMask has been one of the wallets that have seen several clones on the Web Store.

Finlay recently complained about Google’s inability to put an end to the phishing campaigns. The number of MetaMask clones on the Web Store has been growing steadily, “and apparently they all pass the manual security review. FURTHERMORE they are all allowed to buy premium Google ad space at the top of search results,” he tweeted.

MEANWHILE, Google _keeps on approving phishers_. The quantity of impostor MetaMasks on the Chrome store has been growing, and apparently they all pass the manual security review. FURTHERMORE they are all allowed to buy premium Google ad space at the top of search results.

— Dan FinIay (@danfinlay) May 5, 2020

Finlay has been reporting to Google every time he notices a MetaMask impostor, but he told Naked Security that the tech giant doesn’t do much about it. He believes that it would really help if Google could give MetaMask the ability to block other extensions from using its name.

He added, “The official MetaMask extension has over 1,000,000 users – you’d assume Google would have some sort of plan to tackle any potential fake extensions with the MetaMask branding.”

While most extensions only manage a handful of downloads, some have gone on to steal thousands of dollars from their victims. In January this year for instance, a malicious extension made off with $19,000 worth of digital currencies from its victim. The extension impersonated Ledger wallet and managed to steal 600 Zcash coins.