A recent report warned that most malicious Google Chrome extensions came from a single internet domain registrar – CommuniGal Communications (GalComm) – and were downloaded almost 33 million times.
It turns out that such malicious extensions pose an alarming threat to cryptocurrency investors, as popular hodlers have recently lost all of their Bitcoin savings.
Suspicious Chrome Extensions
Research by Awake Security, a U.S. cybersecurity company, shows that of the 26,079 domains registered with GalComm, 15,160 were classified as suspicious or malicious. These accessible domains host a variety of traditional malware and browser-based monitoring tools.
They are particularly dangerous because they use various evasion techniques to stay under the radar of most security solutions.
“In the past three months alone, we have harvested 111 malicious or fake Chrome extensions using GalComm domains for attacker command and control infrastructure and/or as loader pages for the extensions. These extensions can take screenshots, read the clipboard, harvest credential tokens stored in cookies or parameters, grab user keystrokes (like passwords), etc.”
Research shows that these malicious extensions, which rely on GalComm domains, have been downloaded at least 32,962,951 times. “This only accounts for the extensions that were live in the Chrome Web Store as of May 2020,” reads the paper.
Effects on the Crypto Ecosystem
The report stated that “trust in the Internet and its infrastructure is critical. Using key components of registering infrastructure domains, browsers, etc. shakes the trust base and poses risks for businesses and consumers.”
The same applies to cryptocurrencies. Since they are digital assets that exist and operate online, they need a secure digital environment. Otherwise, the consequences can be very harmful. One recent example comes from Eric Savics, the moderator of the Protocol Podcast.
CryptoPotato shared his story of how he lost 12 bitcoins. Savics says that he had held this position for seven years and was planning to use it to buy apartments.
However, he fell victim to a fraudulent Google Chrome extension (a fake KeepKey). He entered his recovery phrase in it and gave the hacker access to all his assets.
Although Savics has recorded a video appealing to the thieves and the cryptocurrency community for support, the unfortunate incident shows how dangerous such malicious extensions are. Therefore, investors should read these safety tips to protect their investments in digital assets.