A recent report warned that most malicious Google Chrome extensions have come from a single Internet domain registrar, CommuniGal Communications (GalComm), and have been downloaded nearly 33 million times.
Such malicious extensions have proven to be alarmingly dangerous to cryptocurrency investors, as a popular proponent recently lost all of his Bitcoin savings.
Suspicious Google Extensions Grow
The research, compiled by US-based network security company Awake Security, states that out of 26,079 examined domains registered through GalComm, 15,160 turned out to be suspicious or malicious. These reachable domains host a variety of traditional malware and browser-based surveillance tools.
They are particularly threatening because they use several evasion techniques that help them stay under the radar of most security solutions.
“In the past three months alone, we have harvested 111 malicious or fake Chrome extensions using GalComm domains for attacker command and control infrastructure and/or as loader pages for the extensions. These extensions can take screenshots, read the clipboard, harvest credential tokens stored in cookies or parameters, grab user keystrokes (like passwords), etc.”
The research noted that these malicious extensions using GalComm domains had been downloaded at least 32,962,951 times. “This only accounts for the extensions that were live in the Chrome Web Store as of May 2020,” reads the paper.
How Does It Affect Crypto?
The report outlined that “trust in the Internet and its infrastructure is critical. Exploiting key components of this infrastructure – domain registration, browsers, etc., shakes the foundation of trust and represents a risk to organizations and consumers alike.”
The same applies to cryptocurrencies. Since they are digital assets that exist and function in the online world, they require a secure digital presence; otherwise, the consequences could be significantly detrimental. One recent example came from the host of the Protocol Podcast, Eric Savics.
CryptoPotato reported his story, in which he explained how he lost 12 bitcoins. Savics claimed that he had been building that position for over seven years and planned to use it to buy an apartment.
However, he fell victim to precisely such a fraudulent Google Chrome extension: a fake KeepKey. He entered his recovery phrase into it, which ultimately gave the hackers access to all of his holdings.
Despite Savics recording a video pleading with the thieves, and despite the cryptocurrency community’s support, the unfortunate event only goes to show how dangerous such malicious extensions can be. As such, investors should review these security tips to protect their digital asset investments.