A Google Chrome browser extension tricking users into participating in a fake airdrop from cryptocurrency exchange Huobi claimed over 200 victims, a security researcher reported in a blog post on March 14.
The extension for Chrome web browser, with the name NoCoin, gained 230 downloads before Google deleted it, according to Harry Denley, who runs cryptocurrency scam database EtherscamDB.
Denley noted that hackers had purposely disguised the malicious extension to look like a tool protecting users from cryptocurrency malware or so-called cryptojacking.
“From the start, it looked like it did what it should — it was detected [sic] various CryptoJacking scripts […] and there was a nice UI to let me know it was doing its job,” he explained in the blog post.
Behind the facade, however, it became apparent the extension requests the input of private keys from popular wallet interfaces MyEtherWallet (MEW) and Blockchain.com. Private keys are then sent to hackers, who can empty wallets of holdings.
The extension lay at the end of a fake giveaway campaign, ostensibly from crypto exchange Huobi, which offered worthless ERC20 Ethereum network-based tokens to unwitting consumers.
It is unknown how long the extension remained available for Google Chrome users.
Also read: Crypto company that bills itself as “the future of yachting navigation” says its technology enables sailors to mine tokens as they sail