SoylentNews

upstart [soylentnews.org] writes:

████ # This file was generated by upstart! Edit at your own risk. ████

upstart [soylentnews.org] writes in with an IRC submission for SoyCow1337:

Chrome Extension Stealing Cryptocurrency Keys and Passwords - Schneier on Security [schneier.com]:

Chrome Extension Stealing Cryptocurrency Keys and Passwords

A malicious Chrome extension [zdnet.com] surreptitiously steals Ethereum keys and passwords:

According to Denley, the extension is dangerous to users in two ways. First, any funds (ETH coins and ERC0-based tokens) managed directly inside the extension are at risk.

Denley says that the extension sends the private keys of all wallets created or managed through its interface to a third-party website located at erc20wallet[.]tk.

Second, the extension also actively injects malicious JavaScript code when users navigate to five well-known and popular cryptocurrency management platforms. This code steals login credentials and private keys, data that it's sent to the same erc20wallet[.]tk third-party website.

Another example of how blockchain requires many single points of trust [schneier.com] in order to be secure.

Posted on January 3, 2020 at 6:09 AM [schneier.com] • 12 Comments

Original Submission