Never Install the following Chrome extension, If you don't want your ETH to be at risk!
Some of us know that ethereum wallets are known as "shitcoin wallets". but it turns out they might have accidentally injected malicious code into the user's device.
in this case we might not care. because it turns out
This is an extension for chrome, a browser for online explorers made by Google, but very unfortunately "they are injecting malicious code to steal user data that installs it" This news has been circulating on Twitter a few days ago and by a team of computer security experts (Harry Denley). to say.
This extension is very dangerous, Denley explained on Twitter, targeting Binance accounts, MyEtherWallet wallets, and other sites that are used primarily by the community to manage their sacryptocurrency; The code then looks for a browser window that contains Ethereum web pages and network tools.
however the malicious code attempts to gain access credentials to these sites by retrieving them from the browser and, after the credentials have been obtained, send them to a remote server identified as "erc20wallet.tk", the top-level domain address that belongs to Tokelau, a group of islands in South Pacific which is part of the New Zealand region.
Obviously, when an extension is uploaded to the google store, it doesn't display malicious code, only after that it must be changed to steal user login credentials; Therefore it must make us reflect that, just a few days before starting to launch a JavaScript attack, Shitcoin Wallet announced the launch of a new desktop application stating that it would give 0.05 ETH to users who had downloaded and installed the application.
To be honest, it seems to me that it doesn't make sense that communities like cryptocurrency, which are considered to have more than average computer skills, can still take on this type of fraud; first, therefore, it is up to everyone to remember that no one gives you anything and that even if there may be some sporadic cases of promotions done by actually giving some money to users, systematically following this kind of initiative quickly or Your slow down will endanger the security of your device.
The picture below is a research result.
Of course, it can be said to always carry out the necessary checks before participating in this type of initiative, but the time required to ensure that it does not end up being a scam victim is not worth the little money that can be obtained; Another thing that I don't understand is the general tendency to install all types of applications, extensions or software on their devices without a minimum of prior thought.
Therefore in my opinion it is appropriate to make a small summary of all the various precautions that must be taken when you regularly manage money using a computer, smartphone, and internet connection; first, therefore, it is necessary to set up a secure device, where we will not install anyone but we will save only for the management of our money.
If possible, it is good practice to use more than one computer, one of which is only intended to work, and the other uses it "more risky"; obviously on machines intended for use that are objectively more dangerous do not run all types of passwords.
A separate discussion must be made for smartphones, here, for example, we should avoid using the same email that we use to authenticate ourselves on various sites where we manage our money; we also avoid downloading applications for home banking management and if we really can't help managing our money while traveling, we have at least two devices, maybe allocating simple SIM data to the devices we use to manage our money.
Obviously, instead of having two phones, one of which is aimed at managing my cryptocurrency, you can use a hardware wallet; here too, it is a bad idea to accumulate all our coins in one device, especially when the volume of money that we manage starts to grow.
In the same way if we must always carry a bit of bitcoin, we use an ad hoc hardware wallet, where we will deposit for example $ 100/200 for daily use; this is a small precautionary measure, within anyone's reach, but which is still suitable to avoid most of the scams circulating.
Therefore, for the last time, always pay attention to managing your digital currency!