As per the CASA CEO, Jereme Welch, a new chrome extension has been posing continuous threats to cryptocurrencies like Bitcoins. At an event held at the Baltic Honeybadger, Welch warned the audience about the new phishing scam that can help scammers steal cryptocurrencies right away. He added, “Browser extensions impose major risks, and these risks have not been discussed until this point,” clarifying that this is a new threat from the scammers. He also warned the users not to reveal their Bitcoin addresses anywhere.
Chrome extensions are small software programs that help the users to customize their browsing experience. It also helps the users in building powerful tools that can assist in solving complex problems inside the web browsers. More precisely, chrome extensions are more like web pages that are built on technologies like JavaScript, HTML, and CSS. Chrome extensions have the power to steal the users’ data and even engaging victims in cases like click frauds. This case yet again proves that the more powerful the tools are, the more prone they are to be misused by the scammers. The chrome extension phishing is the solid example of such phishing scams.
The scammers use chrome extensions for stealing crypto by looking at browsing history of the user. Through the browsing history, anyone can bring out the users’ online habits and that includes the crypto websites that users visit quite often. Another way that the extension leaks the data to the scammers is by capturing the KYC information of the users and then passing those on to the scammers. All these happened without even getting an iota of doubt. He might be experiencing a nice background but least he knows that the browser is dumping his data. When all these fell short, spammers adhered to use a chrome extension to default users. They used a nice-looking chrome extension which also looked like an essential tool, wherein the users can check the price of the cryptocurrencies. Just as they log in with their crypto details, the spammers start capturing all the necessary data that can facilitate into the smooth stealing of all your crypto-related data.
The spammers broke into the DNS server of the wallet provider’s website, replaced their genuine address, redirected it to a phishing website, and then started stealing all their data. Another technique that the spammer use is by spreading fake token sale across the social media platforms to attract the users’ attentions. This directs the users to log into a legitimate-looking site, thereby, exposing all their details in the hands of the spammers. The malware starts stealing the users’ details like the photo on his driver’s license and then decoding the data in it by using some other software.
There is no specific solution to these as such and Welch said that the safety of the users lies in the hands of the developers. They can only make the users’ web experience safer and smoother. However, CASA is planning to undergo more security researches and encouraging the Bitcoin entrepreneurs and developers to report to them about any such mishaps.
Leave a Reply