{"id":11,"date":"2024-04-08T05:51:41","date_gmt":"2024-04-08T05:51:41","guid":{"rendered":"https:\/\/cryptogoldex.com\/index.php\/2024\/04\/08\/trader-suffers-800k-crypto-loss-due-to-harmful-google-chrome-add-on\/"},"modified":"2024-04-08T05:51:41","modified_gmt":"2024-04-08T05:51:41","slug":"trader-suffers-800k-crypto-loss-due-to-harmful-google-chrome-add-on","status":"publish","type":"post","link":"https:\/\/cryptogoldex.com\/index.php\/2024\/04\/08\/trader-suffers-800k-crypto-loss-due-to-harmful-google-chrome-add-on\/","title":{"rendered":"Trader suffers $800k crypto loss due to harmful Google Chrome add-on."},"content":{"rendered":"<p>Keyloggers are malicious applications used by cyber criminals to record every keystroke of a target\u2019s computer. According to the user, the issue initially surfaced after Google Chrome released an update last month.<\/p>\n<p>The user, who had been delaying the Chrome update, was forced to restart their computer after Windows released a PC update. Interestingly, following the restart, which is a common step when installing operating system updates, all of the user\u2019s extensions on Chrome were logged out, and all their tabs were gone.<\/p>\n<p>This forced the user to re-enter all their credentials on Chrome, along with their seed phrases for their cryptocurrency wallets. The user speculates that this is when their confidential information was compromised via the keylogger.<\/p>\n<p>The funds were reportedly drained three weeks after this event. Further, the user did not notice any unusual activity in their browser following the restart.<\/p>\n<p>\u201cI checked my virus scanner and there were no issues. No additional weird extensions appeared.<\/p>\n<p>I proceeded to re-import my seed phrases,\u201d the user wrote. It was only during a later investigation that the user discovered the two malicious extensions on their system.<\/p>\n<p>Further, their browser also had Google Translate set up to auto-translate to Korean. 
While the user remained unsure how exactly their Chrome browser was compromised, their analysis confirmed that the Sync test BETA (colorful) extension was a keylogger.<\/p>\n<p>The extension was reportedly sending data to an external website\u2019s PHP script. The attacker\u2019s website, when opened manually, shows a blank page with only \u201cHi\u201d written on it.<\/p>\n<p>Meanwhile, the \u201cSimple game\u201d extension was \u201cchecking if tabs are updated\/open\/closed\/refreshed,\u201d the user added. Sell When Over wrote, &#8220;This is a $800k costly mistake \u2014 lesson is if anything seems off such that it prompts you to input a seed, then wipe the whole PC first.&#8221;<\/p>\n<p>Malicious extensions on Google Chrome have been plaguing the cryptocurrency sector for years. The malware was used to deploy malicious browser extensions capable of draining crypto funds.<\/p>\n<p>It used Google Chrome extensions to steal cryptocurrencies and clipboard data. The extensions could edit HTML on websites to display the actual user funds in a wallet while draining the wallet in the background.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Keyloggers are malicious applications used by cyber criminals to record every keystroke of a target\u2019s computer. 
According to the user, the issue initially surfaced after [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":10,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-11","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-google-chrome-malicious-extensions"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cryptogoldex.com\/index.php\/wp-json\/wp\/v2\/posts\/11","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptogoldex.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptogoldex.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptogoldex.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptogoldex.com\/index.php\/wp-json\/wp\/v2\/comments?post=11"}],"version-history":[{"count":0,"href":"https:\/\/cryptogoldex.com\/index.php\/wp-json\/wp\/v2\/posts\/11\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptogoldex.com\/index.php\/wp-json\/wp\/v2\/media\/10"}],"wp:attachment":[{"href":"https:\/\/cryptogoldex.com\/index.php\/wp-json\/wp\/v2\/media?parent=11"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptogoldex.com\/index.php\/wp-json\/wp\/v2\/categories?post=11"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptogoldex.com\/index.php\/wp-json\/wp\/v2\/tags?post=11"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}