chrome kde 钱包
That didn’t take long… we have just started the year and already we have the first data breach incident reported. Cybersecurity and anti-phishing expert Harry Denley warned about the vulnerability in a tweet a couple of days ago. It was only two weeks ago that I wrote about a leading Blockchain application platform VeChain’s wallet being compromised, apart from other high profile hacks in December.
牛逼帽子没多久......我们刚开始的一年,我们已经有第一个数据泄露事件的报道。 网络安全和反网络钓鱼专家哈里·丹利(Harry Denley)几天前在一条推文中警告该漏洞。 仅在两周前,我写了一篇关于领先的区块链应用程序平台VeChain的钱包遭到破坏的报告 ,除了12月的其他引人注目的黑客事件 。
The Chrome browser extension named Shitcoin Wallet (ID:ckkgmccefffnbbalkmbbgebbojjogffn) was launched on December 9, 2019. The link to the extension seems to have been removed from the Google Chrome Web Store at the time of publishing, as you will get a 404 (requested URL can’t be found on the server) error. The current breach adds to a similar incident a week earlier where Google removed the Ethereum wallet app MetaMask from its Google Play App Store.
Chrome浏览器扩展程序名为S hitcoin Wallet (ID: ckkgmccefffnbbalkmbbgebbojjogffn )于2019年12月9日启动 。 发布时,该扩展程序的链接似乎已从Google Chrome网上应用店中删除,因为您将获得404(在服务器上找不到请求的URL)错误。 当前的违规行为加剧了类似的事件,一周前,谷歌从其Google Play App Store中删除了以太坊钱包应用程序MetaMask。
According to an analysis by Denley, the malicious extension sends the private keys of all wallets created or managed through its interface to a remote third party server identified as erc20wallet[.]tk. Apart from this, all your funds in the form of ETH or any other ERC-based tokens are directly at risk as well. The malicious code operates in the following way:
根据Denley的分析,恶意扩展会将通过其接口创建或管理的所有钱包的私钥发送到标识为erc20wallet [。] tk的远程第三方服务器。 除此之外,您以ETH或任何其他基于ERC的代币形式的所有资金也将直接受到威胁。 恶意代码以下列方式运行:
- Users install the Chrome browser extension. 用户安装Chrome浏览器扩展程序。
The extension requests permission to inject JavaScript (JS) code on 77 websites.
该扩展程序请求在77个网站上注入JavaScript(JS)代码的权限。
When users try to browse any of these websites, the extension loads another malicious file from JS file from https://erc20wallet[.]tk/js/content_.js
当用户尝试浏览这些网站时,该扩展程序会从https:// erc20wallet [。] tk / js / content_.js的 JS文件加载另一个恶意文件。
- This JS file contains deceiving code which is difficult to comprehend. 该JS文件包含难以理解的欺骗性代码。
The code reactivated on the following five websites — MyEtherWallet.com, Idex.Market, Binance.org, NeoTracker.io, and Switcheo.exchange
在以下五个网站上重新激活了代码-MyEtherWallet.com,Idex.Market,Binance.org,NeoTracker.io和Switcheo.exchange
- The malicious code then searches for private credentials stored on these platforms, collects the information and sends it out to the remote server. 然后,恶意代码搜索存储在这些平台上的私人凭据,收集信息并将其发送到远程服务器。
Shitcoin Wallet also launched the desktop version (32-bit and 64-bit version) of its app a few days prior to this attack with an incentive of giving away 0.05 ETH to users who download & install its client. Looking at the comments posted on the wallet’s Telegram channel, it points to the presence of malicious code on their desktop client as well. The trade-off is huge — 0.05 ETH for your digital wallet info.
Shitcoin Wallet在攻击发生前几天还发布了其应用程序的桌面版本(32位和64位版本),以鼓励向下载并安装其客户端的用户赠送0.05 ETH。 通过查看钱包的Telegram频道上发布的评论 ,它还指出了其桌面客户端上也存在恶意代码。 代价是巨大的-您的数字钱包信息需要0.05 ETH。
It is unclear whether the Shitcoin Wallet team is responsible for the malicious code or the Chrome extension got compromised by a nefarious third party. But the name “Shitcoin Wallet” should have been a giveaway to stay away from software in the first place. Ironically though, the homepage for the Shitcoin wallet reads:
目前尚不清楚Shitcoin Wallet团队是否应对恶意代码负责,还是Chrome扩展程序被恶意的第三方破坏。 但是,“ Shitcoin钱包”这个名字本来应该是一种赠品,以使其远离软件。 具有讽刺意味的是,Shitcoin钱包的主页显示为:
Shitcoin Wallet Safe & Secure Currency!
Shitcoin钱包安全可靠的货币!
及时了解重要内容- 加入我的邮件列表 (Stay informed with the content that matters — Join my mailing list)
chrome kde 钱包