Researchers have discovered a compromise of the widely used Chrome extension SwitchyOmega that exposes its users to theft.
A compromised version of the Chrome-based proxy extension SwitchyOmega is stealing private keys from crypto wallets, putting more than half a million users at risk, SlowMist analysts warn.
The breach began when a phishing email targeted employees of Cyberhaven, an AI-powered data security company, resulting in malicious code being injected into the extension. The phishing email falsely claimed that Cyberhaven’s browser extension violated Google’s policies and threatened deletion unless immediate action was taken, according to a March 12 investigation report.

Fake version of Proxy SwitchyOmega | Source: SlowMist
SlowMist explained that the attackers could use OAuth authorization to access the Cyberhaven account and upload a compromised version of the extension (24.10.4). When the extension was updated, users unknowingly installed the malicious code.
It appears that the malicious versions of the extension were able to steal sensitive data, such as secret keys and mnemonic phrases, from crypto wallets. It remains unknown how many of the 500,000 affected users were exposed to the exploit. SlowMist analysts advise users to check the ID of the installed extension and confirm that it matches the official version.
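One way to run that ID check across a Chrome profile, as an added example (not code from SlowMist or from this article). It assumes the on-disk layout `Extensions/<id>/<version>/manifest.json`; `OFFICIAL_IDS` holds a placeholder that must be replaced with the ID shown on the official store listing, and the function names are illustrative.

```python
import json
import re
import tempfile
from pathlib import Path

# Placeholder, NOT the real ID: copy the 32-character ID from the official store listing.
OFFICIAL_IDS = {"a" * 32}


def display_name(version_dir):
    """Extension name from manifest.json, resolving __MSG_key__ via the default locale."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8"))
    name = str(manifest.get("name", ""))
    m = re.fullmatch(r"__MSG_(\w+)__", name)
    if m:  # localized name: look the key up case-insensitively in the default locale
        path = version_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        msgs = {k.lower(): v for k, v in json.loads(path.read_text(encoding="utf-8")).items()}
        return str(msgs[m.group(1).lower()]["message"])
    return name


def audit_profile(profile_dir, official_ids=OFFICIAL_IDS, pattern=r"switchy\s*omega"):
    """Return (id, version_dir, name) for name matches installed under a non-official ID."""
    findings = []
    for manifest in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        ext_id, version_dir = manifest.parent.parent.name, manifest.parent
        try:
            name = display_name(version_dir)
        except (OSError, ValueError, KeyError, TypeError, AttributeError):
            continue  # malformed manifest or locale file: skipped here, inspect by hand
        if re.search(pattern, name, re.I) and ext_id not in official_ids:
            findings.append((ext_id, version_dir.name, name))
    return findings


def make_sample_profile(root):
    """Constructed sample: the same name under the placeholder ID and a look-alike ID."""
    for ext_id in ("a" * 32, "b" * 32):
        d = Path(root, "Extensions", ext_id, "1.0.0_0")
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": "Proxy SwitchyOmega"}))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_profile(make_sample_profile(tmp)):
            print("ID mismatch:", finding)
```

Matching the ID separates a look-alike install from the official listing; it says nothing about whether a particular version published under that ID is clean, so the version directory is reported alongside each finding.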
Attacks on crypto traders via browser extensions are not new, as bad actors have been trying to exploit them for a while.
In September 2024, analysts at cybersecurity firm Group-IB revealed that the infamous North Korean hacking gang Lazarus Group, known for its sophisticated cyber campaigns against the crypto industry, has bolstered its efforts, expanding its targeting of browser extensions and going after crypto experts and developers through fake video apps.