The user of the malicious extension Ledger Secure for Chrome lost $16 thousand in cryptocurrency . As it later became known, this little-known extension was disguised as the popular crypto wallet Ledger - the developers of the latter from malware in the Chrome Web Store.
It is alleged that the Ledger Secure extension sends the code phrase to third parties, thanks to which the attackers were able to steal 600 ZCash from the victimβs account. This user under the nickname hackedzec also clarified on his Twitter that he entered the secret phrase on the computer only once 2 years ago, and it was also stored as a scanned document. It is still unknown which storage option contributed to the theft of cryptocurrency from the wallet.
How exactly did the expansion get into also remains a mystery, but it was discovered when hackedzec found an unknown file on the computer with links to the Ledger Secure Twitter account. The account imitates the official representative office of the French company Ledger.
Previously, MyCrypto discovered similar malicious software in the Chrome Web Store. An extension called Shitcoin Wallet was freely distributed in the Google catalog and at the same time stole private keys and authorization data on various crypto exchanges like Binance.
Source: 3dnews.ru