Saha Swatilakha
Another day, another crypto attack. In a shocking incident, a cryptocurrency investor, known as “Sell When Over” on X, lost $800,000 in crypto to two malicious Google Chrome browser extensions, named “Sync test BETA (colorful)” and “Simple Game”. The user suspects that these extensions contained keyloggers that targeted specific wallet extension apps.
The user speculates in a series of posts on X, that the issue started after Google Chrome released an update last month, which forced the user to restart their computer after Windows released a PC update. Following the restart, all of the user’s extensions on Chrome were logged out, and all their tabs were gone, prompting the user to re-enter all their credentials on Chrome, along with their seed phrases for their cryptocurrency wallets.
This is when their confidential information was compromised via the keylogger, with the funds reportedly drained three weeks after this event. The user did not notice any unusual activity in their browser following the restart. “I checked my virus scanner and there were no issues. No additional weird extensions appeared. I proceeded to re-import my seed phrases,” the user wrote. The user only discovered the malicious Google Chrome extensions during a later investigation. The attackers reportedly sent the funds to two exchanges, MEXC and Gate.io.
While the user remained unsure how exactly their Google Chrome browser was compromised, their analysis confirmed that the Sync test BETA (colorful) extension was a keylogger, sending data to an external website’s PHP script. The attacker’s website, when opened manually, shows a blank page with only “Hi” written on it. Meanwhile, the “Simple Game” extension was “checking if tabs are updated/open/closed/refreshed,” the user added.
In conclusion, while browser extensions can greatly enhance user browsing experience, they also pose potential threats to user security and privacy. It is crucial to be vigilant when installing new extensions, regularly review installed extensions, and only download from trusted sources. By adopting best practices for browser safety and utilizing reliable security software, users can significantly reduce their risk of installing malicious software onto their devices and enjoy a safer online experience.
