A Google Chrome browser extension, known as the Cryptsy Dogecoin (DOGE) Live Ticker in the Chrome Web Store, is said to be capable of stealing bitcoin and other alternative currencies from users.
The issue was first reported on Reddit yesterday, when a user with the username cryptiest posted in the /r/dogecoin subreddit explaining the dangers of using cryptocurrency browser extensions.
“If you use any extensions in your browser, you’re vulnerable to updates which happen automatically without your knowing,” said cryptiest. “This means you can be using it for weeks/months until the bad author updates the addon/extension with malicious code. It appears the [Cryptsy Dogecoin (DOGE) Live Ticker] author made an update today to steal Dogecoin among other digital currencies.”
At face value, the Cryptsy extension is designed to provide the real-time value of numerous digital currencies, but according to CoinDesk, the extension secretly functions in a much more sinister manner.
“Software within the extension monitors web activity and looks for users who go to exchange sites such as Coinbase. During a transaction, the extension attempts to replace the receiving address with one of its own.”
Another Reddit user posted yesterday claiming to have been victimized twice by the extension when using the cryptocurrency website MintPal. According to the user, the confirmation email displayed a different BTC address than the one that was placed in the withdrawal form. The user confirmed that a “Live ticker” Chrome extension was in fact installed on the machine.
It’s possible that other cryptocurrency browser extensions are exploiting vulnerabilities, and users of such extensions are urged to report suspicious activity to Google.
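An extension can only watch or rewrite a page on an exchange site if its manifest grants it access to that site. The following added example (not from the original article or from any real extension) audits a Chrome extension manifest for host access to sites where addresses are entered; the manifests and the `exchange.example` hosts are constructed placeholders.

```python
import json

# Match patterns that grant access to every site (Chrome manifest syntax).
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def host_patterns(manifest):
    """Collect every host match pattern an extension requests, with its source."""
    found = []
    # Manifest V2 lists host patterns in "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "host_permissions"):
        for p in manifest.get(key, []):
            if isinstance(p, str) and ("://" in p or p == "<all_urls>"):
                found.append((key, p))
    for script in manifest.get("content_scripts", []):
        for p in script.get("matches", []):
            found.append(("content_scripts", p))
    return found

def pattern_covers(pattern, host):
    """True if the pattern's host part covers `host` (scheme and path ignored)."""
    if pattern in BROAD_PATTERNS:
        return True
    pat_host = pattern.split("://", 1)[-1].split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return host == pat_host

def audit(manifest, sensitive_hosts):
    """Return findings: which sensitive hosts the extension can read or modify."""
    findings = []
    for source, pattern in host_patterns(manifest):
        hit = sorted(h for h in sensitive_hosts if pattern_covers(pattern, h))
        if hit:
            findings.append({"source": source, "pattern": pattern, "hosts": hit})
    return findings

# Constructed sample manifests (not taken from any real extension).
TICKER_BROAD = json.loads("""{"name": "example-ticker", "manifest_version": 2,
  "permissions": ["storage", "https://api.ticker.example/*"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]}""")
TICKER_SCOPED = json.loads("""{"name": "example-ticker-scoped", "manifest_version": 2,
  "permissions": ["storage", "https://api.ticker.example/*"]}""")
EXCHANGES = {"exchange.example", "www.exchange.example"}  # placeholder hosts

if __name__ == "__main__":
    for m in (TICKER_BROAD, TICKER_SCOPED):
        print(m["name"], audit(m, EXCHANGES))
```

A price ticker only needs to reach its own price feed, so any finding against an exchange host is worth questioning. Because extensions update automatically, the audit reflects the manifest only as of the version checked.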
Apart from browser extension vulnerabilities, as alternative currencies continue to gain popularity, an increasing amount of malicious software is being specifically designed to steal from unsuspecting users.
According to researchers at Dell SecureWorks, over 100 different types of Bitcoin-stealing malware exist on the internet, often delivered in the form of a seemingly innocuous email attachment.
A particularly frustrating malware program currently making the rounds is called CryptoLocker, which has infected an estimated 250,000 computers. Once the infected file is opened, the program encrypts files on the victim’s computer and then displays a message offering to decrypt the files only after money is sent.
ZDNet was able to identify four addresses thought to have received money from victims of CryptoLocker and determined that, at $661 per bitcoin, $27 million was moved through the four addresses alone. The total amount extorted is likely in the hundreds of millions.