Ethereum Wallet Injects Malicious Javascript To Steal Data

An Ethereum wallet available as a Chrome browser extension has been found to be injecting malicious javascript code. ‘Shitcoin Wallet’ tries to scrape data from other open windows and send it to a remote server.

MyEtherWallet And Binance Among Those Targeted

The code was identified by security and anti-phishing expert, Harry Denley, who warned about the potential breach in a tweet.

⚠️ A browser crypto wallet is injecting malicious JS to steal secrets from @myetherwallet @idexio @binance @neotrackerio @SwitcheoNetwork

Extension-native wallet create also sends secrets to their backend!

Bad guys: erc20wallet[.]tk
ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn pic.twitter.com/TE2iw5d8Md

— harrydenley.eth ◊ (@sniko_) December 31, 2019

The ‘Shitcoin Wallet’ Chrome extension (ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn) downloads a number of javascript files from a remote server.

This code looks for other browser windows, open on the webpages of a number of exchanges and…