The extension, Shitcoin Wallet, Chrome extension ID: ckkgmccefffnbbalkmbbgebbojjogffn, was launched last month on December 9.
With Shitcoin Wallet, users managed their Ether (ETH) coins and Ethereum ERC20-based tokens (tokens usually issued for ICOs, or initial coin offerings), either from the browser or by installing a desktop app.
Malicious Behavior with the extension
Harry Denley, Director of Security at the MyCrypto platform, discovered that the Chrome extension isn’t what it promises to be. He found malicious code within the extension.
In a blog post, ZDNet reported: “According to Denley, the extension is dangerous to users in two ways. First, any funds (ETH coins and ERC20-based tokens) managed directly inside the extension are at risk.”
Denley said that the extension sends all the keys on its system to a third-party website at erc20wallet[.]tk.
The malicious code works by the following process:
1. The user installs the Chrome extension Shitcoin Wallet.
3. If the user navigates to any of these 77 websites, it injects additional code.
4. The code activates on five websites: MyEtherWallet.com, Idex.Market, Binance.org, NeoTracker.io, and Switcheo.exchange.
5. After activation, the code saves the user’s login credentials, keys and other data, then siphons them to a third party.
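A defender reviewing an unpacked extension can check which of the five sites named above its manifest lets it reach. The following is an added example, not code from the article or from the extension: the function names are hypothetical, the sample manifest is constructed, and `content_scripts`, `permissions` and `host_permissions` are the standard Chrome manifest keys.

```javascript
// Wallet and exchange sites the article names as targets of the injected code.
const WATCHED_HOSTS = [
  "myetherwallet.com", "idex.market", "binance.org",
  "neotracker.io", "switcheo.exchange",
];

// Host part of a Chrome match pattern (scheme://host/path).
// "*" for <all_urls>; null for API permissions such as "storage".
function patternHost(pattern) {
  if (pattern === "<all_urls>") return "*";
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  return m ? m[2].toLowerCase() : null;
}

// True when the pattern host reaches `host` or one of its subdomains.
function hostCovers(patHost, host) {
  if (patHost === "*") return true;
  if (patHost.startsWith("*.")) {
    const base = patHost.slice(2);
    return host === base || host.endsWith("." + base) || base.endsWith("." + host);
  }
  return patHost === host || patHost.endsWith("." + host);
}

// List every manifest entry that lets the extension touch a watched site.
function auditManifest(manifest) {
  const sources = [];
  for (const cs of manifest.content_scripts || [])
    for (const p of cs.matches || []) sources.push({ via: "content_scripts", pattern: p });
  // Manifest V2 keeps host patterns in "permissions"; V3 uses "host_permissions".
  for (const key of ["permissions", "host_permissions"])
    for (const p of manifest[key] || []) sources.push({ via: key, pattern: p });

  const findings = [];
  for (const { via, pattern } of sources) {
    const ph = patternHost(pattern);
    if (ph === null) continue;
    const hosts = WATCHED_HOSTS.filter((h) => hostCovers(ph, h));
    if (hosts.length) findings.push({ via, pattern, hosts });
  }
  return findings;
}

// Constructed sample, not the real extension's manifest.
const SAMPLE_MANIFEST = {
  manifest_version: 2,
  permissions: ["storage", "*://*.binance.org/*"],
  content_scripts: [{ matches: ["https://www.myetherwallet.com/*", "https://example.org/*"], js: ["inject.js"] }],
};
console.log(JSON.stringify(auditManifest(SAMPLE_MANIFEST)));
```

A finding only shows that the extension can run code on or read a listed site; the scripts it loads there still have to be reviewed to see what they do.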
It is not yet clear whether the Shitcoin Wallet team is responsible for the malicious behavior or whether a third party infiltrated the extension. The Shitcoin Wallet team is silent on the allegations and has yet to comment on the matter.
Both 32-bit and 64-bit installers are available for the user to download on the extension’s official website.
VirusTotal, a website that aggregates the virus scanning engines of several antivirus software makers, showed that both versions were clean.
As a caution, though, the desktop app may contain the same code or something even worse.