MyCrypto and PhishFort Companies
For some add-ons, a positive rating was artificially maintained with the help of fictitious users, and positive reviews were published. Google removed these add-ons from the Chrome Web Store catalog within 24 hours of being notified. The first malicious add-ons were published in February, but publication peaked in March (34.69%) and April (63.26%).
All of the add-ons are linked to a single group of attackers, who deployed 14 command and control servers to manage the malicious code and collect the data intercepted by the add-ons. All add-ons used typical malicious code, but the add-ons themselves were camouflaged as different products,
During the initial setup of the add-on, the data was sent to an external server, and after some time funds were debited from the wallet.
Source: opennet.ru