Fake crypto-wallet extensions appear again in the Chrome Web Store, siphoning off victims’ passwords
Three weeks after Google removed 49 Chrome extensions from its browser software store for stealing crypto-wallet credentials, 11 more password-stealing extensions have been detected, and some are still available for download.
The shady add-ons are disguised as legitimate crypto-wallet extensions and ask people to enter their credentials to access their digital money, but they are completely unofficial and designed to hand those credentials to fraudsters.
Harry Denley, the security director of MyCrypto, who identified the series of bad extensions, told The Register that at least eight of the latest crop of 11 have been removed. The fakes posed as the KeyKeep, Jaxx, Ledger and MetaMask crypto-wallet software.
Denley provided The Register with a list of extension IDs that were previously reported to Google, and at the time we wrote this article, we could still find others in Chrome’s online store.
Dan Finlay, lead developer of MetaMask, tweeted an appeal to Google for help because sometimes it seems as if they have only been optimized to respond to social media outrage.
Mr. Finlay complained that Google still approves phishing extensions. “The number of impostor Chrome MetaMasks is increasing, and apparently they are all subject to manual security checks,” he wrote. “What’s more, they can buy all of Google’s premium advertising space at the top of the search results.”
As we reported in January, Chrome’s online store appears to be understaffed and over-reliant on automation to meet its needs. It is no different than the Google Play Store, which has struggled for years to keep malicious Android applications at bay.
The Register asked Google for comment, but apart from a request for more information about the suspicious extensions, we didn’t receive an answer.
Mr. Finlay told The Register that if Google wants to run Chrome’s online store with a small number of people, it will have to implement systems to automatically enforce brand and trademark restrictions on the store and advertising platforms.
“I think it would be great if Google took a brand-friendly attitude in its advertising, but I’m not sure this would conflict with its business model. I hope Google doesn’t think they have to protect phishing to keep their heads above water.”
Google’s advertising guidelines state that the company handles complaints from brand owners, but only after receipt of the complaint. The Google Chrome Web Store Developer Agreement prohibits developers from violating intellectual property rights, which probably means little to violators. At the same time, it is clear that Google is not obliged to monitor products or their content.
According to Mr. Denley, Google seems either unable to protect Chrome’s online store or negligent.
“I have a semi-popular Chrome extension, and it takes a while after each version request – so if there’s a manual check, it either doesn’t work as expected (and only slows down updates to popular extensions) or it’s just a manual check of popular extensions,” he said. “It seems that these bad extensions were immediately approved by several different accounts.”
A week ago, Google announced even more restrictions aimed at cleaning up Chrome’s online store, noting that the extension platform “has also attracted spammers and scammers who present deceptive and inferior extensions to deceive and entice our users to install them and make a quick profit.”
The revised guidelines are intended to prevent spamming by developers using these extensions and broaden the company’s definition of abuse and review manipulation. In January, Google blocked Chrome’s online store because of an influx of vitriocomments.
Please note that since 2011, Google has released similar security enhancements for Chrome’s online store every year.
Denley said that in an ideal world more attention would be paid to owners of popular extensions when they report abuse, such as the emergence of extensions that use their name and brand.
“I would like to contact the team at [Chrome Online Store] to give them my IOCs [indicators of compromise], although I don’t think Chrome Online Store related items are their priority,” he said.
Maybe someone could develop a Chrome extension that renames the Tweet button on Twitter to read “Google Support.” ®