Trader loses $800k in crypto to malicious Google Chrome extension

Two malicious Google Chrome browser extensions allegedly drained $800,000 from a cryptocurrency investor going by the moniker “Sell When Over” on X.

In a series of posts on X, the user speculated that the malicious extensions, dubbed “Sync test BETA (colorful)” and “Simple Game”, possibly contained keyloggers that target specific wallet extension apps.

Keyloggers are malicious applications used by cyber criminals to record every keystroke typed on a target’s computer. This allows the attackers to access confidential information from a victim’s computer.

According to the user, the issue initially surfaced after Google Chrome released an update last month. The user, who had been delaying the Chrome update, was forced to restart their computer after Windows released a PC update.

Interestingly, following the restart, which is a common step when installing operating system updates, all of the user’s extensions on Chrome were logged out, and all their tabs were gone. This forced the user to re-enter all their credentials on Chrome, along with their seed phrases for their cryptocurrency wallets.

The user speculates that this is when their confidential information was compromised via the keylogger. The funds were reportedly drained three weeks after this event. Further, the user did not notice any unusual activity in their browser following the restart.

“I checked my virus scanner and there were no issues. No additional weird extensions appeared. I proceeded to re-import my seed phrases,” the user wrote.

It was only during a later investigation that the user discovered the two malicious extensions on their system. Further, their browser also had Google Translate set up to auto-translate to Korean.
