A simple and general cryptocurrency wallet that’s accessible through the browser is found to be stealing private keys of users’ wallets. Shitcoin Browser extension is just another crypto stealer hiding safely and deploying malicious codes whenever possible.
Shitcoin wallet, as others players, the makers of this promised absolute privacy for its users and turned hypocrite. While claiming it to support multiple browsers, it’s now available only for Chrome and as an app for Windows. The wallet has already 600+ installs from Chrome store, and can potentially steal users cryptocurrencies.
This Ethereum based wallet supports all transactions and storing of Ethers and numerous ERC20 tokens that are processed by ICO and built on Ethereum blockchain. While it promises to let store the Private key in users computer, it injects malicious code to steal the private key and send it back to hacker’s base, the erc20wallet.tk.
While it’s yet unclear that Chrome’s extension been compromised or the makers have intentionally done this, but it’s potential enough to do something big. Harry Denley, director of MyCrypto is the first one to surface this fact, and detailed in his blog post. And as ZDNet reported, Shitcoin processes its activity as follows;
- Users install the Shitcoin extension
- And when users navigate to any of these targeted sites, the extension injects the sourced code https://erc20wallet.tk/js/content_.js and activates on crypto exchanges.