Fake crypto-wallet extensions appear in Chrome Web Store once again, siphoning off victims’ passwords

The Register

Three weeks after Google removed 49 Chrome extensions from its browser’s software store for stealing crypto-wallet credentials, 11 more password-swiping add-ons have been spotted – and some are still available to download.

The dodgy add-ons masquerade as legit crypto-wallet extensions, and invite people to type in their credentials to access their digital money, but are totally unofficial, and designed to siphon off those login details to crooks.

Harry Denley, director of security at MyCrypto, who identified the previous lot of bad extensions, told The Register at least eight among the latest crop of 11 impostors, pretending to be crypto-wallet software KeyKeep, Jaxx, Ledger, and MetaMask, have been taken down.

Denley provided The Register with a list of extension identifiers, previously reported to Google, and we were able to find some still available in the Chrome Web Store at time of writing.

Full article