Yet another malicious Chrome extension claims $19,000 from victim



A malicious extension on Google’s Chrome browser has robbed one crypto user of over $19,000. The extension, which goes by Ledger Secure, claims to be the official extension of the legitimate Ledger hardware wallet. The extension has since been removed from the Chrome web store.

It all started when the victim printed his seed phrase. The printer he used was connected to the computer through WiFi. He stated, “I had the hand written recovery sheet and wanted to make a printed backup, so last night instead of writing it all down again, I went to the printer and made a photocopy.”

Shortly after, he noticed a file on his computer with the title ‘jhmmdcocjepheielbkgehfgeainjiokj’. The file led him to Ledger Secure’s Twitter account. The victim, who goes by ‘hackedzec’ on Twitter, immediately noticed he had lost 600 Zcash coins, worth $19,500 at press time.

The malicious extension appeared to have been released in December 2019. It claimed to be the official browser extension of the Ledger hardware wallet and, ironically, promised to be even more secure.

https://twitter.com/Tester79265062/status/1202242294260338688

Ledger Wallet distanced itself from the extension via Twitter, stating, “A Chrome extension malware has been detected called ‘Ledger Secure’. This is NOT a legitimate Ledger application. DO NOT use it and contact us if you’ve installed it.”

The company also asked its users to report the extension to have it removed from Chrome’s web store. Google has since taken down the extension.

Cyber-criminals have constantly targeted users of the Ledger wallet, probably because it’s one of the most popular crypto hardware wallets. In April 2019, the company announced that it had discovered a desktop phishing malware targeting its users. The malware would replace the Ledger Live desktop app with a malicious one. The malicious app would then fake an update, after which it would prompt the user to enter their 24-word recovery phrase. Armed with the recovery phrase, the attackers would wipe the account of their victim. The malware only targeted Windows users.

The news comes several days after a malicious extension was discovered on Chrome. The malware posed as a legitimate wallet, going by the name Shitcoin Wallet. According to one security expert, the wallet would steal data from its users, including login credentials. Interestingly, the wallet was also launched last month, which could signal a resurgence in browser malware targeting crypto users.
