Malicious Software and a Nefarious Wallet Affect ETH Coin Traders
A wallet for Ethereum (ETH), known as the "Shitcoin Wallet," is reported to be injecting malicious JavaScript in users' browsers in order to steal their data. On December 30, 2019, cybersecurity expert Harry Denley warned about this possible breach in a tweet.
According to Denley's tweet, the wallet's Chrome extension targets Binance, MyEtherWallet and several other popular websites. The Shitcoin Wallet steals user passwords and private keys in order to take cryptocurrency from their accounts.
The Shitcoin Wallet extension for Chrome works by downloading a set of JavaScript files from a remote server. It then uses the code from those files to look for open browser windows showing specific cryptocurrency exchanges and network tools for ETH.
If the code finds them, it collects the data entered into those windows and sends it to a remote server. The server's address uses the top-level domain of a South Pacific island that is part of New Zealand.
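The behaviour described above, remotely loaded JavaScript combined with access to exchange and wallet pages, leaves traces a defender can check for in an unpacked extension. The following is an added example, not code from the article or from Denley's analysis; the watch list, the finding names and the sample extension are constructed for illustration, and example.invalid is a placeholder for a remote server.

```javascript
// Added example: static audit of an unpacked extension. WATCHED_HOSTS and SAMPLE are constructed.
const WATCHED_HOSTS = ["binance.com", "myetherwallet.com"];
const REMOTE_CODE = [
  [/createElement\(\s*['"]script['"]\s*\)/, "builds <script> element at runtime"],
  [/\beval\s*\(|new\s+Function\s*\(/, "evaluates strings as code"],
  [/executeScript\s*\(/, "injects script into tabs"],
  [/['"]https?:\/\/[^'"]+\.js['"]/, "references remote .js URL"],
];

// True if a match pattern ("*://*.binance.com/*", "<all_urls>") covers host.
function patternCovers(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(?:\*|https?):\/\/(\*|(?:\*\.)?[^/*]+)\//.exec(pattern);
  if (!m) return false;
  const wild = m[1].startsWith("*.");
  const h = wild ? m[1].slice(2) : m[1];
  return h === "*" || h === host || h.endsWith("." + host) ||
    (wild && host.endsWith("." + h));
}

// manifest: parsed manifest.json; sources: { fileName: sourceText }.
function auditExtension(manifest, sources) {
  const findings = [];
  const patterns = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ].filter((p) => typeof p === "string" && (p.includes("://") || p === "<all_urls>"));
  for (const host of WATCHED_HOSTS) {
    const hits = patterns.filter((p) => patternCovers(p, host));
    if (hits.length) findings.push({ type: "host-access", host, patterns: hits });
  }
  for (const [file, text] of Object.entries(sources)) {
    for (const [re, why] of REMOTE_CODE) {
      if (re.test(text)) findings.push({ type: "remote-code", file, why });
    }
  }
  return findings;
}

// Constructed sample input (not taken from the real extension).
const SAMPLE = {
  manifest: {
    permissions: ["tabs", "storage", "*://*.binance.com/*"],
    content_scripts: [{ matches: ["https://www.myetherwallet.com/*"], js: ["cs.js"] }],
  },
  sources: { "bg.js": 'var s = document.createElement("script"); s.src = "https://example.invalid/a.js";' },
};
console.log(auditExtension(SAMPLE.manifest, SAMPLE.sources));
```

The source-text patterns are heuristics, so a finding marks an extension for manual review; it does not by itself show theft.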
The theft of user data by Shitcoin Wallet is similar to some other recent incidents. Apple threatened to delist Coinbase's mobile DApp browser. Google removed the ETH wallet app MetaMask from the Google Play app store in late December 2019. Both of those moves were controversial because there was not a lot of evidence behind them.
Many crypto-theft extensions were found in the Google Chrome online store in 2019. According to McAfee Labs, cryptojacking rose by about 29 percent in the first quarter of 2019.
The name "Shitcoin" should be warning enough to stay away from that ETH wallet. It launched on December 9 and has 2,000 users so far. In a blog post, a security expert stated that it has extensions for different browsers. However, it is actually only supported by Chrome. Before this JavaScript attack, Shitcoin Wallet announced a new desktop app and gave 0.05 ETH to anyone who downloaded and installed it. People who did so received some free ETH but are now vulnerable to attack and to theft of their data and crypto accounts.