The malicious Google Chrome web extension was tied to a fake token airdrop from cryptocurrency exchange Huobi.
A Google Chrome browser extension tricking users into participating in a fake airdrop from cryptocurrency exchange Huobi claimed over 200 victims, a security researcher reported in a blog post on March 14.
The extension for Chrome web browser, with the name NoCoin, gained 230 downloads before Google deleted it, according to Harry Denley, who runs cryptocurrency scam database EtherscamDB.
“From the start, it looked like it did what it should — it was detected [sic] various CryptoJacking scripts […] and there was a nice UI to let me know it was doing its job,” he explained in the blog post.
Behind the facade, however, it became apparent the extension requests the input of private keys from popular wallet interfaces MyEtherWallet (MEW) and Blockchain.com. Private keys are then sent to hackers, who can empty wallets of holdings.
It is unknown how long the extension remained available for Google Chrome users.
As Cointelegraph continues to report, bad actors targeting cryptocurrency users have sought increasingly nefarious methods of tricking novices into handing over access to funds. Just this week, a report identified cryptojacking as a sign of increasingly discreet behavior among hackers.