Polymorphic Extensions Can Steal Your Crypto and Passwords Once installed, it can ...
... disable existing extension and impersonate it to steal your data. This is allowed by Chrome permissions. A legitimate extension can be bought and updated to perform this attack.
#technology #archon
Posted via D.Buzz
41
0
139.425 STEM
Well this is terrifying. Thanks for sharing.
The worst part is that popular extensions can be bought or hacked by some party and then update the extension to become malicious. Hardware wallets, 2FA and software minimalism is going to become very important in the future.
I believe that happened with one of the early paperwallet sites. It was sold to somebody who started recording the keys, waited a few years,then emptied all the wallets.
People go Willy nilly with extensions it’s pretty wild. Theres too much risk, I think keychain for hive is one of the only extensions besides my password manager I’ll ever use. The rest I can do the old fashioned way!
That is a very smart precaution. I have KeePassXC for important passwords. It is a bit of hassle to use at times. The good thing is that I don't have to worry about the extension getting hacked. My main browser profile only has my wallets. I whenever I try an extension, I isolate that into a separate profile or an entirely different browser.
Making extensions only available "On Click", checking and managing permissions along with browser isolation can help to mitigate this risk to a significant extent. It is best to minimize usage of Extensions. Brave wallet is likely safe (I'm not an expert).
SquareX's Report
Posted via D.Buzz