Taking advantage of cryptocurrency owners attackers have once again deployed a malicious tool online. This time, they have guised their vector as a crypto wallet browser extension, Shitcoin Wallet. It appears as a simple browser add-on, but it actually is a crypto stealer.
The app named Shitcoin Wallet surfaced online recently. According to a (supposed) official blog post on Medium, the Shitcoin Wallet is actually an Ethereum wallet. The blog further claims that the app is basically a web wallet with many browser extensions.
Regarding how it “serves” the users, the blog reads,
The officials further warrant complete privacy to the users by providing a simple wallet address. Then, it also assures that the private key of the wallet remains secure as it stores on users’ local PC.
The tool is available as a browser extension – that too – for Chrome only. This is in contrast with its claim of supporting multiple browsers. Though, they have recently launched a desktop app for Windows as well.
The Director of Security at MyCrypto, Harry Denley, has also noticed malicious code existing in the extension. According to his findings, the extension actually steals crypto from popular platforms by injecting malicious JS code. He disclosed these findings in a tweet.
In brief, the extension, after installation, fetches malicious JS files from a remote server and injects it to target websites. According to ZDNet, the extension has 77 websites on its target list, to which, it injects the code whenever a user visits any of them.