Crypto users left vulnerable via sham Google Chrome extension

As a seasoned crypto investor with several years of experience under my belt, I can’t help but feel dismayed and frustrated by the recent incident involving the malicious Google Chrome extension that stole funds from unsuspecting users, including the Binance trader “doomxbt.”

Cryptocurrency users have uncovered a malicious Google Chrome extension that steals funds by harvesting the cookies of websites its victims visit.

In February, the Binance trader known as “doomxbt” noticed unusual activity that resulted in losses of approximately $70,000. The attacker initially moved the stolen funds to the AI-enabled cryptocurrency exchange SideShift.

I’ve encountered an unusual situation where my Binance account has been inexplicably emptied. I wasn’t expecting it and was taken aback by the sudden notifications about orders being filled, despite me not initiating any transactions – leaving me with a zero balance on the platform.

— 𝔡𝔬𝔬𝔪 (@doomxbt) February 29, 2024

As an analyst, I have uncovered some troubling information regarding a report published on Tuesday: the perpetrator behind the attack was linked to a fake Aggr app extension available on Google’s Chrome store. Unlike the authentic Aggr application, which offers advanced trading tools such as on-chain liquidation trackers, this malicious version contained malicious code.

As a concerned crypto investor, I’d like to warn you against downloading the Aggr Chrome extension.

Recently, we discovered how someone, such as @doomxbt, lost their funds on Binance.
It turns out there is a malicious application named Aggr on the Chrome store with positive reviews. This app surreptitiously steals all cookies from every website you visit, putting your online security at risk.
Two months ago, someone paid a few influencers to promote this nefarious extension. Be cautious and avoid downloading it to protect your investments and personal information.

— Tree (🌲,🌲) (@Tree_of_Alpha) May 28, 2024

Inept due diligence from crypto influencers or an elaborate scam?

After the fake Aggr app made its way onto the Chrome Store, the attackers launched a social media campaign to lure people into downloading it.

As an analyst, I’ve uncovered that the developers engaged a network of influencers to promote their malicious software, a tactic known as “shilling.” On social media, these influencers used trading buzzwords to persuade users that they needed the tool.

These influencers failed to heed the common advice in the crypto community, “do your own research” or “DYOR,” when promoting Aggr. It’s unclear whether they were oblivious to the potential risks Aggr posed to users or if they benefited financially from the attack.

After the recent event unfolded, I reached out to some crypto project promoters for their perspective, but at least one of them declined my request for a comment.

This event is part of a broader pattern: several harmful Chrome extensions have caused damage recently. Last month, for instance, a trader lost over $800,000 worth of digital assets after interacting with two malicious browser extensions in Google Chrome. To avoid similar risks, users are encouraged to research and carefully examine any application before installing it on their devices.
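One concrete form of that examination, added here as an example and not code from the article or from the Aggr extension: the check below reads a Chrome extension manifest and flags the permission combination a cookie-stealing extension needs, the `cookies` permission granted across every site. The two manifests are constructed samples and the file names in them are assumptions, not Aggr’s real manifest.

```javascript
// Added example, not code from the article or from the Aggr extension: flag the
// permission pattern a cookie-stealing extension needs. Manifests are constructed.
// Host patterns that grant access to every site (MV2 and MV3 forms).
const BROAD_HOST = /^(<all_urls>|\*:\/\/\*\/|https?:\/\/\*\/)/;
function isBroadHost(pattern) {
  return typeof pattern === 'string' && BROAD_HOST.test(pattern);
}
function auditManifest(manifest) {
  const findings = [];
  const perms = new Set(manifest.permissions || []);
  // MV2 lists host patterns under "permissions"; MV3 uses "host_permissions".
  const broad = [...perms, ...(manifest.host_permissions || [])].some(isBroadHost);
  // chrome.cookies.getAll() returns cookies for any host the extension may
  // access, so "cookies" plus a wildcard host pattern exposes the session
  // cookies of every site the user is logged in to.
  if (perms.has('cookies') && broad) {
    findings.push('cookies permission combined with a wildcard host pattern');
  }
  // webRequest over all hosts exposes request headers, Cookie included.
  if (perms.has('webRequest') && broad) {
    findings.push('webRequest permission combined with a wildcard host pattern');
  }
  const contentScripts = manifest.content_scripts || [];
  if (contentScripts.some((cs) => (cs.matches || []).some(isBroadHost))) {
    findings.push('content script injected into every site');
  }
  // Background code is where such an extension does its work, so name the
  // files a reviewer should read next.
  const bg = manifest.background || {};
  const reviewBackground = bg.service_worker ? [bg.service_worker] : (bg.scripts || []);
  return { risky: findings.length > 0, findings, reviewBackground };
}
// Constructed sample matching the article's description: cookies across all
// URLs, a small background script and a bundled jquery (file names assumed).
const SUSPICIOUS_MANIFEST = {
  manifest_version: 2,
  name: 'trading-tools (constructed sample)',
  permissions: ['cookies', 'storage', '<all_urls>'],
  background: { scripts: ['jquery.js', 'background.js'] },
};
// Constructed sample with a narrow, task-scoped permission set.
const BENIGN_MANIFEST = {
  manifest_version: 3,
  name: 'tab-notes (constructed sample)',
  permissions: ['activeTab', 'storage'],
  background: { service_worker: 'worker.js' },
};
```

Run it against the `manifest.json` of an installed extension (Chrome lists each extension's ID and folder under chrome://extensions with Developer mode on) to see whether it asks for more than its stated purpose requires.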

As a crypto investor examining an extension, at first sight it seems relatively benign. It brings in just a compact “background.js” file and the widely-used JavaScript extension named “jquery”.

— Tree (🌲,🌲) (@Tree_of_Alpha) May 28, 2024

2024-05-28 22:22