Crypto users were left vulnerable via fake Google Chrome extension
Cryptocurrency users have discovered a malicious Google Chrome extension designed to steal funds by manipulating websites’ cookie data.
Binance trader “doomxbt” first flagged the issue in February after noticing losses of $70,000 tied to suspicious activity. The attacker initially deposited the stolen funds on the AI-powered cryptocurrency exchange SideShift.
I’ve been compromised in some strange way and my @binance account was depleted, out of nowhere I heard sound notifications about orders being fulfilled when I never placed any – suddenly my amount of 70,000 was suddenly 0 on the screen pic.twitter.com/NEkSQVbBQc
— 𝔡𝔬𝔬𝔪 (@doomxbt) February 29, 2024
On Tuesday, the culprit was reportedly linked to a fake Aggr app extension on Google’s Chrome Store. Unlike the legitimate Aggr app, which provides professional trading tools such as on-chain settlement trackers, the malicious version included code to collect all website cookies from users, allowing hackers to reconstruct passwords and user keys, especially for Binance accounts.
⚠️DO NOT DOWNLOAD THE AGGR CHROME EXTENSION⚠️
We finally found how @doomxbt lost his funds on Binance.
There is a malicious Aggr app on the Chrome Store with good reviews that steals all cookies on all websites you visit, and 2 months ago someone paid a handful of influencers… pic.twitter.com/XEPbwKX0XW
— Tree (🌲,🌲) (@Tree_of_Alpha) May 28, 2024
Inadequate due diligence by cryptocurrency influencers or an elaborate scam?
Once the fake Aggr app was available on the Chrome Store, hackers launched a social media campaign to encourage downloads.
The developers hired a network of influencers to promote the malicious software in a process known as “shilling.” Social media accounts populated timelines with commercial buzzwords to convince users that the tool was needed.
In this case, the influencers either forgot the popular crypto mantra “do your own research” (DYOR) or ignored it. It is not known whether the promoters knew that the fake Aggr made users vulnerable, or whether the social media accounts profited from the attack.
Following the incident, crypto.news reached out to a few promoters for comment, but at least one blocked the request.
This incident is part of a larger trend, as similar attacks using Chrome extensions have occurred recently. Last month, a trader lost over $800,000 in digital assets after interacting with two malicious Chrome browser extensions. In the spirit of DYOR, users are advised to double-check any application before downloading it onto their devices.
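One way to double-check an extension, as an added example that is not from the article or from the extension itself: a Node.js function that takes a parsed manifest.json and flags the capability described above, cookie access on every website, which in Chrome needs the `cookies` permission plus host access to all sites. The function name, severity labels and sample manifests are constructed for illustration.

```javascript
// Added example (not from the article): triage a Chrome extension manifest for
// the ability to read cookies on every site.
// Match patterns that cover every website.
const ALL_SITES = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const isHostPattern = (p) => typeof p === "string" && (p === "<all_urls>" || p.includes("://"));

function auditManifest(manifest) {
  const list = (key) => (Array.isArray(manifest[key]) ? manifest[key] : []);
  // Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
  const granted = [...list("permissions"), ...list("host_permissions")];
  // Optional permissions can be requested at runtime, after install.
  const optional = [...list("optional_permissions"), ...list("optional_host_permissions")];
  const everything = [...granted, ...optional];

  const cookiesGranted = granted.includes("cookies");
  const cookiesAnywhere = everything.includes("cookies");
  const broad = (perms) => perms.filter(isHostPattern).some((h) => ALL_SITES.has(h));
  const scriptsEverywhere = list("content_scripts").some((cs) =>
    ((cs && cs.matches) || []).some((m) => ALL_SITES.has(m)));

  const findings = [];
  if (cookiesGranted && broad(granted)) {
    findings.push("HIGH: cookies API plus access to all sites at install time");
  } else if (cookiesAnywhere && broad(everything)) {
    findings.push("MEDIUM: cookies API plus all-site access obtainable via optional permissions");
  } else if (cookiesAnywhere) {
    findings.push("LOW: cookies API limited to listed hosts");
  }
  if (scriptsEverywhere) {
    findings.push("MEDIUM: content script on every page (can read non-HttpOnly cookies)");
  }
  return findings;
}

// Constructed sample manifests, not the real extension's files.
const SAMPLE_BROAD = {
  manifest_version: 3, name: "sample-trading-helper",
  permissions: ["cookies", "storage"], host_permissions: ["<all_urls>"],
  background: { service_worker: "background.js" },
};
const SAMPLE_SCOPED = {
  manifest_version: 3, name: "sample-scoped",
  permissions: ["storage"], host_permissions: ["https://example.com/*"],
};

console.log(auditManifest(SAMPLE_BROAD));
console.log(auditManifest(SAMPLE_SCOPED));
```

An empty result only means the manifest does not request this particular capability; it says nothing about what the extension's scripts do with the access they have.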
At first glance the extension is mostly harmless, importing a small “background.js” file and the popular “jquery” javascript extension. pic.twitter.com/lxFcSvxP4V
— Tree (🌲,🌲) (@Tree_of_Alpha) May 28, 2024