News Crypto and cryptocurrencies

According to Ledger, a Chrome extension steals crypto from users

Cyber ​​crime - According to Ledger, a Chrome extension steals crypto from users

The fantasy of the hacker it really seems to know no limits. After taking advantage of the most popular audio files of Grammy Awards and wallpapers dedicated to Kobe Bryant, the Los Angeles ace tragically disappeared in a helicopter crash, now cybercrime has also gone to browser extensions, especially of Chrome.
To warn users in this regard was Ledger, the well-known manufacturer of wallet per cryptocurrency, which revealed how yet another phishing attack was implemented. Ledger's tweet was released on 5 March and it is hoped that it will prevent interested parties from finding themselves counting losses. Those of their virtual coins, which are the target of this piracy act.

The fake Chrome extension that steals cryptocurrencies

Just Ledger has provided to warn users about the presence of a fake extension of Google Chrome delegated to the subtraction of their cryptocurrencies. This extension acts by asking them to enter the 24-word recovery phrase required to access the wallet. A modus operandi that Ledger has never used so far, advising her customers not to comply with what is required, on any device connected to the web. Those who do this endanger their treasure.

The discovery was made by Harry Denley

To find out what was happening was Harry Denley, director of platform security mycrypto, who proceeded to spread the news. The whole thing was then taken up by Catalin Cimpanu, a cyber security reporter who has been working for the news site for some time ZDNet, who did not fail to give due relevance to the episode.
Harry Denley himself said that the fictitious request for the fake extension does not make any sense in practice. Nonetheless it may have fooled the more unwary or less careful users. As usual, the imprudence that still characterizes too many cryptocurrency enthusiasts, which seem to fail to receive the message conveyed several times by cybersecurity houses, may have allowed the success of the operation: both private keys and mnemonic codes must be kept offline, to avoid fraud.

Ledger Live, this is the name of the fake extension

The name of the fake Chrome extension used for this attack is Ledger Live and it should be noted that in reality there is actually a real application marked with this name. The real Ledger Live, in fact, allows users of Ledger wallets to monitor balance sheets and approve transactions from time to timei.
According to the first rumors that emerged about it, it seems that the malicious software was downloaded no less than 120 times before being permanently removed from Google. Many users may have been fooled by using Google Ads to advertise it. As usual, therefore, the hackers planned their moves well before going into action. Now it remains only to understand what the amount of loot looted before the attack was discovered.

Buying Cryptocurrencies? Exchange Binance Binance

Dario Marchetti

I have a degree in Literature and Philosophy from the Sapienza University of Rome, with a thesis on the eastern border of Italy at the end of the First World War. I have collaborated with several sites on many issues and led the work group that published the official CD-Rom of the SS Lazio "History of a love" and "Photographic History of Magical Rome".

Leave a comment

Your email address will not be published. Required fields are marked *

Back to top button