According to Denley’s tweet, the Chrome browser crypto wallet Shitcoin Wallet is targeting MyEtherWallet, Binance and other popular platforms that handle the private keys and passwords used to access cryptocurrency holdings.
⚠️ A browser crypto wallet is injecting malicious JS to steal secrets from @myetherwallet @idexio @binance @neotrackerio @SwitcheoNetwork
Extension-native wallet create also sends secrets to their backend!
Bad guys: erc20wallet[.]tk
ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn
— harrydenley.eth ◊ (@sniko_), December 31, 2019
The Shitcoin Wallet Chrome extension (ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn) works by downloading several JavaScript files from an external server. The code then looks for open browser windows that have loaded the webpages of cryptocurrency exchanges and Ethereum network tools.
The code then tries to send data from those open windows to a remote server, identified as “erc20wallet.tk.” The server’s top-level domain belongs to Tokelau, a group of South Pacific islands administered by New Zealand.
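A defender's check for the indicators above, as an added example that is not from the article or the tweet: it looks for the extension ID in a Chrome user-data directory and lists bundled files that mention the reporting domain. The `<profile>/Extensions/<id>/<version>/` layout is standard Chrome; the function names and the sample profile are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Indicators taken from the tweet quoted above.
BAD_EXTENSION_ID = "ckkgmccefffnbbalkmbbgebbojjogffn"
BAD_DOMAIN = "erc20wallet.tk"

def find_extension(user_data_dir, ext_id=BAD_EXTENSION_ID, domain=BAD_DOMAIN):
    """Report each installed version of ext_id under a Chrome user-data directory."""
    findings = []
    # Chrome unpacks extensions to <user data>/<profile>/Extensions/<id>/<version>/
    for version_dir in sorted(Path(user_data_dir).glob(f"*/Extensions/{ext_id}/*")):
        if not version_dir.is_dir():
            continue
        try:
            manifest = json.loads((version_dir / "manifest.json").read_text("utf-8"))
        except (OSError, ValueError):
            manifest = {}  # missing or damaged manifest: still report the install
        # The install is the finding; a domain mention in bundled files is extra evidence.
        hits = []
        for path in version_dir.rglob("*"):
            if path.is_file() and path.suffix in {".js", ".json", ".html"}:
                if domain in path.read_text("utf-8", errors="ignore").lower():
                    hits.append(path.relative_to(version_dir).as_posix())
        findings.append({
            "profile": version_dir.parts[-4],
            "version": version_dir.name,
            "name": manifest.get("name", "<unknown>"),
            "files_mentioning_domain": sorted(hits),
        })
    return findings

def build_sample_profile(root):
    """Constructed test data: a fake user-data dir with one matching install."""
    ext = Path(root) / "Profile 1" / "Extensions" / BAD_EXTENSION_ID / "1.0_0"
    ext.mkdir(parents=True)
    (ext / "manifest.json").write_text(json.dumps({"name": "sample", "version": "1.0"}))
    (ext / "background.js").write_text("// constructed\nvar host = 'https://erc20wallet.tk/';")
    other = Path(root) / "Default" / "Extensions" / ("a" * 32) / "2.1_0"
    other.mkdir(parents=True)
    (other / "manifest.json").write_text(json.dumps({"name": "unrelated"}))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in find_extension(build_sample_profile(tmp)):
            print(finding)
```

Because the extension is described as fetching its JavaScript at run time, an empty `files_mentioning_domain` list does not clear an install that matches the ID.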
The news that Shitcoin Wallet is stealing user information follows recent reports of Apple threatening to delist Coinbase’s mobile DApp browser from the App Store and of Google removing the Ethereum wallet app MetaMask from the Play Store last week.
Both developments have been controversial because no proof of malicious behavior by the apps was made available. Several cryptojacking extensions were discovered on the Google Chrome Web Store in 2019.
As per the latest report from McAfee Labs, cryptojacking, which refers to a scenario where a user’s system is utilized to mine cryptocurrency without authorization, is on the rise, reflecting an increase of 29% in the first quarter of 2019.
While the name itself acts as a warning and would keep cautious investors away, Shitcoin Wallet also has some dubious features. According to a company blog post, the Ethereum wallet was launched on December 9 and has roughly 2,000 users. It is described as a web-based wallet with numerous extensions for various browsers. The blog post states:
“It is a web wallet which has several extensions for different browsers, which I will discuss further in the article.”
However, that statement does not match the sentence at the end of the blog post, which says that Shitcoin Wallet is offered only as a Chrome extension.
Just a few days before the malicious JavaScript attack, Shitcoin Wallet launched its latest desktop app, rewarding users who install it with 0.05 ETH. Even though they have received a minuscule reward in Ether, their systems are now vulnerable to data theft.