he Chrome extensions were mimicking cryptocurrency wallet apps like Ledger, MyEtherWallet, Trezor, Electrum, and others, but, in reality, they were stealing users' private keys and mnemonic phrases.
Google has removed 49 Chrome extensions from the Web Store that posed as legitimate cryptocurrency wallet apps but contained malicious code that stole crypto-wallet private keys, mnemonic phrases, and other raw secrets.
The 49 extensions were discovered by Harry Denley, Director of Security at the MyCrypto platform, who shared his findings exclusively with ZDNet last week.
Denley says the 49 extensions appear to have been put together by the same person/group, believed to be a Russian-based threat actor.
"Whilst the extensions all function the same, the branding is different depending on the user they are targeting," Denley said.
The MyCrypto security researcher says he has identified malicious extensions posing as known crypto-wallets apps such as Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey.