Security expert reveals the problem
The app’s activities were revealed by security and anti-phishing expert Harry Denley who said that the codes were collecting the credentials on all major crypto exchanges alongside MyCryptoWallet.
He wrote on Twitter, “A browser crypto wallet is injecting malicious JS to steal secrets from @myetherwallet @idexio @binance @neotrackerio @SwitcheoNetwork” and “Extension-native wallet create also sends secrets to their backend! Bad guys: erc20wallet[.]tk ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn pic.twitter.com/TE2iw5d8Md.”
The Shitcoin wallet is designed to hold Ethereum and other ERC-20 tokens and has over 2,000 users. The company suggests that it is a Windows-based desktop application even though it actually works as a Chrome extension. In another blog post, it suggests that “It is a web wallet which has several extensions for different browsers.”
Wallets are infamous for stealing
In recent years, several web browsers have been found to have malicious codes. However, most of these wallets have tried to mine digital currencies using the user’s devices. The infamy of crypto wallets led to Google banning MetaMask, a popular Ethereum wallet, and a dApp browser from the Play Store. The tech giant said that the app violates its financial policy. The company didn’t specify the exact reasons but the feature could be related to mining, which is strictly banned from the store.