Information Technology Services (ITS)

Extension fraud on Google Chrome harms users

Published on: April 7, 2020

In March, a malicious Chrome extension called “Ledger Live” was caught targeting users of Ledger cryptocurrency wallets (a Ledger wallet is a small hardware device that people use to store cryptocurrency account passwords). The fraudulent extension collected the user’s passwords and recorded them in a Google Form so the attackers could break into the victim’s cryptocurrency accounts.

Following further investigation, Google found and removed more than 500 other malicious extensions from the Chrome Web Store. The investigation was led by security researcher Jamila Kaya and Cisco’s Duo Security team. They discovered that these malicious extensions inject “malvertising” (malicious ads) into users’ browsers and redirect users to specific sites that host malware downloads.

According to Kaya’s report, these extensions belong to a larger malware operation and the organization behind this operation may have been active since the early 2010s. Based on previous installation counts, millions of users are likely to be impacted by malware operations using malicious extensions.

For example, “Ledger Live” imitated the real Ledger wallet application and tricked users into providing the passwords to their cryptocurrency accounts. Once the extension has collected these highly confidential passwords, users could face tremendous losses in their cryptocurrency accounts. Other similar malicious extensions may also trick users into giving out confidential financial information or account credentials.

How to stay safe

Chrome users can protect themselves from malicious extensions. Before installing an extension on your browser:

  • Think twice about whether you need the extension.
  • Check the publisher and avoid extensions from unofficial sources.
  • Watch for security updates and for unusual behaviour after installation.

For more information on protecting your data online, visit Security Matters.