Extension for Google Chrome caught stealing bitcoins



    A Chrome browser extension called BitcoinWisdom Ads Remover replaces the QR codes used to obtain the address for sending funds, thereby redirecting financial flows. Users of the Bitstamp and BTC-E cryptocurrency exchanges and the Hashnest cryptocurrency cloud mining service were at risk .

    The claimed function of the application is to remove ads from the BitcoinWisdom website . This site allows real-time tracking of cryptocurrency exchange quotes on several well-known cryptocurrency exchanges. The Bitstamp resource team reported the detection of malicious functions in the application code on Twitter.

    Since the bitcoin addresses used to receive cryptocurrency are long strings of characters, often to facilitate payment transactions, these strings are encoded into QR codes that must be scanned using a smartphone camera.

    Such codes can be found on sites that work with cryptocurrency, and care about the convenience of users. They are used by owners of mobile bitcoin wallets that carry out transactions using a smartphone.

    The malicious application not only deleted ads on the BitcoinWisdom website, but also tracked the user's visit to other cryptocurrency-aware websites known to the application. When rendering the QR code on the payment acceptance page, the application intercepted the work and substituted another address, which obviously belonged to the author of the application. As a result, when trying to send funds to the address of the resource, the user actually sent them to scammers.

    The app is currently uninstalled from the Chrome Web Store. However, it appears there not for the first time - in July 2015, one of the reddit users made exactly the same description of the fraudulent scheme of the application.

    It was previously reported that the Russian-speaking cryptocurrency exchange BTC-E, one of the five largest exchanges,entered in the Russian registry of banned sites.

    Also popular now: