Chrome extension “Shitcoin Wallet” is stealing data from its users

The Ethereum wallet is injecting malicious javascript code from open browser windows

That didn’t take long… we have just started the year and already we have the first data breach incident reported. Cybersecurity and anti-phishing expert Harry Denley warned about the vulnerability in a tweet a couple of days ago. It was only two weeks ago that I wrote about a leading Blockchain application platform VeChain’s wallet being compromised, apart from other high profile hacks in December.

The Chrome browser extension named Shitcoin Wallet (ID:ckkgmccefffnbbalkmbbgebbojjogffn) was launched on December 9, 2019. The link to the extension seems to have been removed from the Google Chrome Web Store at the time of publishing, as you will get a 404 (requested URL can’t be found on the server) error. The current breach adds to a similar incident a week earlier where Google removed the Ethereum wallet app MetaMask from its Google Play App Store.

According to an analysis by Denley, the malicious extension sends the private keys of all wallets created or managed through its interface to a remote third party server identified as erc20wallet[.]tk. Apart from this, all your funds in the form of ETH or any other ERC-based tokens are directly at…