Malicious Chrome Extension as Ethereum Wallet Enables Full Wallet Takeover

Source: Cyber Security News

Safery: Ethereum Wallet is a deceptive Chrome extension that poses a significant risk to cryptocurrency users. Published on November 12, 2024, this seemingly secure Ethereum wallet is designed to secretly steal users' seed phrases, allowing attackers to take full control of victims' digital assets and drain them. Researchers from Socket.dev found that the extension uses a sophisticated exfiltration technique: it encodes user data inside synthetic Sui blockchain addresses, so the theft is disguised as ordinary blockchain activity. When a user creates or imports a wallet, the seed phrase is extracted, encoded, and transmitted to the attackers through microtransactions that look legitimate.

The technical mechanism of this malware is intricate. On analyzing the code, analysts found that it uses BIP-39 mnemonic encoding, converting each seed-phrase word into its numeric index in the wordlist. It constructs fake wallet addresses that trick unsuspecting users into believing they are interacting with a legitimate service. Once victims install the extension, they unwittingly hand over their Ethereum private keys, leading to the complete loss of their financial assets. This case highlights the critical importance of verifying software authenticity, particularly on platforms like the Chrome Web Store, where legitimate products sit alongside dangerous threats.

👉 Read the original: Cyber Security News