Chrome Extension Could Be Vulnerable to Cryptocurrency Malware

Daniel Cawrey
Apr 21, 2014 at 19:04 UTC
NEWS

A browser extension for Google Chrome is reportedly capable of stealing bitcoin and other altcoins from its users.

Called the 'Cryptsy Dogecoin (DOGE) Live Ticker' in the Chrome Web Store, the extension is susceptible to updates that begin monitoring visits to cryptocurrency exchanges and wallet sites. A representative from Cryptsy has told CoinDesk that the exchange is not affiliated with the extension in any way.

The warning about the extension was posted on reddit, along with the following advice:

"Be careful of what you install on your devices you use to access your wallets."

How it steals coins

Software within the extension monitors web activity and looks for users who go to exchange sites such as Coinbase. During a transaction, the extension attempts to replace the receiving address with one of its own.

A reddit user reported this happening in a withdrawal from cryptocurrency exchange MintPal, having had the extension installed.

Extensions or add-ons that are related to cryptocurrencies are a logical tool for would-be thieves, as cryptocurrency-related software is generally used by those who hold onto digital coins.

Malware on the rise

The presence of cryptocurrency-related malware is on an upward trend. The rising value of coins, coupled with the increasing number of altcoins has essentially created a new cottage industry, whereby malicious software tries to steal virtual money.

Dell SecureWorks released a report in February stating that it had identified almost 150 different strains of bitcoin-related malware.

Another sought-after method of malware infects a device and tries to generate coins by mining, which is not very effective given the specialized hardware now required to complete proof-of-work algorithms that reward miners.

Ultimately, it ends up being a huge resource drain for users' machines. Or, as in this instance, a seemingly useful tool like the Cryptsy Dogecoin Live Ticker ends up being used for nefarious purposes.

Protecting coins

To guarantee high levels of security, it's important to choose an exchange or wallet service that enables two-factor authentication. This method of verifying actions requires more than one device, which will decrease the chances of malware making changes to your transactions.

Java 7 exploits continue to be an issue on PCs. Source: Cisco
Java 7 exploits continue to be an issue on PCs. Source: Cisco

It might be better, though, to simply store coins in a brain wallet or paper wallet. Bitcoin Vigil, which monitors bitcoin theft, is a concept that may be useful for thwarting thieves, since storing coins on a local machine connected to the internet has vulnerabilities.

As Cryptsy Dogecoin Live Ticker demonstrates, it is probably better to simply stay away from add-ons and extensions on any computer used to store your coins.

Malware image via Shutterstock

The leader in blockchain news, CoinDesk is an independent media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. Have breaking news or a story tip to send to our journalists? Contact us at news@coindesk.com.

MalwareMining MalwareDell SecureWorksBitcoin VigilLocalBitcoinsCisco

Load Comments