Google threw out 49 plugins from the Chrome Web Store. They were posing as crypto wallets.

Official status does not guarantee reliability

The plugins were detected by researchers from MyCrypto, an open-source blockchain interface, and PhishFort, which sells anti-phishing protection.

Harry Denley, MyCrypto's Director of Security, noted that malicious plugins are nothing new. These ones targeted users of Ledger wallets (57% of the plugins were built for them), Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus and KeepKey.

The plugins are essentially phishing for secrets: they harvest users' mnemonic phrases, private keys and keystore files, key files of the kind also used for developer identification or SSL encryption.

Once the user enters the confidential data, the plugin sends it in an HTTP POST request to a backend. That is where the perpetrators collect the secrets and use them to drain the wallets.

MyCrypto identified 14 unique command-and-control (C2) servers that received data from compromised users.

After analysing the servers, the researchers found that some of them were connected, meaning they were run by a single group.

Some of the backends funnelled the data into a Google Docs form, while the rest ran custom PHP scripts.

Hackers that created the fake plugins are probably from Russia

Most of the domains are new: 80% of them were registered in March or April.

The first domain, ledger.productions, is wired to other servers, which gave the researchers a picture of the backend set-up and of the operators behind most of the plugins.

One of the servers gave further clues: the operation was likely controlled from Russia, especially considering that the administrator's email address ends in “r.ru”.

The plugin imitates the standard MyEtherWallet flow until users enter their secret data.

The malicious plugin sends that data to the C2 servers and then returns the user to the default view.

The user is left frustrated, and the malware has gained fresh secrets. Users usually delete the plugin and forget about it until their wallet is emptied.

The theft typically happens only after the plugin has been deleted, so users have no idea how their money could have been stolen.

Some of the plugins were boosted by fake reviewers leaving glowing reviews. They were short and amateurish, like “good”, “useful app” or “legal”.

The fake MyEtherWallet plugin reused one and the same review copy: the same review was published about 8 times by different users.

All of those reviews explained what BTC is and why MyEtherWallet was the preferable choice for browser use.

The researchers sent funds to several addresses and fed the corresponding secrets to the malicious plugins. The funds were left untouched, probably because the hackers are only interested in high-value accounts, or perhaps because they sweep the accounts manually.

Although the experts' test secrets were not exploited, many users reported losing funds on support forums such as Google's Chrome forum, Reddit and Toshi Times.

As a result, Google removed the plugins from the Chrome Web Store within 24 hours of being alerted.
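As an added example (not part of the original article), a defender-side check for the exfiltration pattern described above: a small Python filter that inspects outbound POST bodies for the kinds of wallet secrets the plugins harvested (mnemonic phrase, hex private key, keystore JSON) and flags any destination outside an allowlist. The allowlist host and the sample traffic are constructed for illustration; ledger.productions is the C2 domain named in the article.

```python
import json
import re

# Shape heuristics for the three secret types the fake wallet plugins harvested.
MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}                      # valid BIP39 phrase lengths
HEX_PRIVKEY_RE = re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b")  # a 32-byte key written as hex
KEYSTORE_FIELDS = {"crypto", "version", "address"}           # present in every Ethereum keystore JSON

# Constructed allowlist of hosts a genuine wallet extension may talk to (hypothetical name).
ALLOWLIST = {"api.myetherwallet.example"}

def looks_like_mnemonic(text: str) -> bool:
    """12-24 lowercase alphabetic words of 3-8 letters: the shape of a BIP39 phrase.
    A full wordlist check would be stricter; the shape alone is enough to flag for review."""
    words = text.split()
    return (len(words) in MNEMONIC_LENGTHS
            and all(w.isalpha() and w.islower() and 3 <= len(w) <= 8 for w in words))

def looks_like_keystore(text: str) -> bool:
    """A JSON object carrying the keystore fields is a wallet file, not an ordinary form value."""
    try:
        obj = json.loads(text)
    except ValueError:
        return False
    return isinstance(obj, dict) and KEYSTORE_FIELDS <= {k.lower() for k in obj}

def classify_post(host: str, body: dict) -> list:
    """Findings for one outbound POST: which secret types it carries, and whether
    the destination lies outside the allowlist (the C2 pattern the article describes)."""
    findings = []
    for field, value in body.items():
        if looks_like_mnemonic(value):
            findings.append(f"{field}: mnemonic phrase")
        elif HEX_PRIVKEY_RE.search(value):
            findings.append(f"{field}: hex private key")
        elif looks_like_keystore(value):
            findings.append(f"{field}: keystore file")
    if findings and host not in ALLOWLIST:
        findings.append(f"destination {host} not in allowlist")
    return findings

# Constructed sample traffic: a phrase posted to the C2 domain, a benign transaction
# broadcast, and a keystore file posted to a Google Docs form.
SAMPLE_POSTS = [
    ("ledger.productions", {"phrase": "abandon ability able about above absent "
                                      "absorb abstract absurd abuse access accident"}),
    ("api.myetherwallet.example", {"tx": "0xdeadbeef", "gas": "21000"}),
    ("docs.google.com", {"entry.1": '{"version":3,"address":"ab12","crypto":{"kdf":"scrypt"}}'}),
]

def scan_posts(posts) -> list:
    return [classify_post(host, body) for host, body in posts]

if __name__ == "__main__":
    for (host, _), found in zip(SAMPLE_POSTS, scan_posts(SAMPLE_POSTS)):
        print(host, "->", found or "clean")
```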