According to Denley’s tweet, Shitcoin Wallet, a crypto wallet extension for the Chrome browser, is targeting MyEtherWallet, Binance and other popular platforms that handle the private keys and passwords used to access cryptocurrency holdings.
Extension-native wallet create also sends secrets to their backend!
Bad guys: erc20wallet[.]tk
ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn
— harrydenley.eth ◊ (@sniko_) December 31, 2019
The code attempts to transfer data to a remote server, identified as “erc20wallet.tk,” through the open windows. The server’s top-level domain belongs to Tokelau, a group of South Pacific islands under the administration of New Zealand.
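A defender-side check for the two indicators in the tweet above, added here as an example and not taken from the original article or from Denley: it looks for the extension ID in each local Chrome profile and, as a heuristic for re-uploads under a different ID, for references to the domain inside any installed extension's files. The function names are hypothetical, and the user-data paths assume a stock Chrome install.

```python
import json
import os
import sys
from pathlib import Path

# Indicators from the tweet quoted above.
BAD_EXTENSION_ID = "ckkgmccefffnbbalkmbbgebbojjogffn"
BAD_DOMAIN = "erc20wallet.tk"
TEXT_SUFFIXES = {".js", ".json", ".html"}

def chrome_user_data_dir():
    """Default Chrome user-data directory (assumption: stock install paths)."""
    home = Path.home()
    if sys.platform == "win32":
        return Path(os.environ.get("LOCALAPPDATA", home)) / "Google" / "Chrome" / "User Data"
    if sys.platform == "darwin":
        return home / "Library" / "Application Support" / "Google" / "Chrome"
    return home / ".config" / "google-chrome"

def scan_profile(profile_dir):
    """Return (reason, extension_id, detail) tuples for one profile directory.

    Chrome unpacks installed extensions to <profile>/Extensions/<id>/<version>/.
    """
    findings = []
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return findings
    for ext_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        if ext_dir.name == BAD_EXTENSION_ID:
            findings.append(("known-bad-id", ext_dir.name, ""))
        # Heuristic: a re-upload under a new ID would still reference the host.
        for f in sorted(ext_dir.rglob("*")):
            if f.is_file() and f.suffix.lower() in TEXT_SUFFIXES:
                if BAD_DOMAIN in f.read_text(encoding="utf-8", errors="ignore").lower():
                    rel = f.relative_to(ext_dir).as_posix()
                    findings.append(("domain-reference", ext_dir.name, rel))
    return findings

def scan_all(user_data_dir=None):
    """Scan every profile (Default, Profile 1, ...) under the user-data directory."""
    root = Path(user_data_dir) if user_data_dir else chrome_user_data_dir()
    results = {}
    if root.is_dir():
        for profile in sorted(p for p in root.iterdir() if (p / "Extensions").is_dir()):
            hits = scan_profile(profile)
            if hits:
                results[profile.name] = hits
    return results

if __name__ == "__main__":
    print(json.dumps(scan_all(), indent=2))
```

An empty result only means neither indicator is present on disk now; secrets entered while the extension was installed should still be treated as exposed.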
The saga of Shitcoin Wallet stealing user information follows recent news of Apple threatening to delist Coinbase’s mobile DApp browser from the App Store and Google removing the Ethereum wallet app MetaMask from the Play Store last week.
Both developments have been a subject of controversy because no proof of malicious behavior by the apps was made available. Several cryptojacking extensions were discovered on the Google Chrome web store in 2019.
According to the latest report from McAfee Labs, cryptojacking, in which a user’s system is used to mine cryptocurrency without authorization, is on the rise, reflecting an increase of 29% in the first quarter of 2019.
While the name itself acts as a warning and would keep cautious investors away, Shitcoin Wallet also contains some dubious features. According to a company blog post, the Ethereum wallet was launched on December 9 and has roughly 2,000 users. It is a web-based wallet with numerous extensions for various browsers. The blog post states:
“It is a web wallet which has several extensions for different browsers, which I will discuss further in the article.”
However, the statement does not match the sentence at the end of the blog post, which points out that Shitcoin Wallet is offered only as a Chrome extension.