
Shitcoin Wallet Pushes Malicious Code to Steal Crucial Information

cryptovibes.com, 02 January 2020 10:29 UTC

An ominously named web-based Ethereum wallet, Shitcoin Wallet, is pushing malicious code into the blockchain to collect exchange-related credentials. The app is adding malicious JavaScript code to the wallet, which steals user information.

Security expert reveals the problem

The app’s activities were revealed by security and anti-phishing expert Harry Denley, who said that the code was collecting credentials for all major crypto exchanges alongside MyCryptoWallet.

He wrote on Twitter, “A browser crypto wallet is injecting malicious JS to steal secrets from @myetherwallet @idexio @binance @neotrackerio @SwitcheoNetwork” and “Extension-native wallet create also sends secrets to their backend! Bad guys: erc20wallet[.]tk ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn pic.twitter.com/TE2iw5d8Md.”

The wallet works as a Google Chrome extension and downloads JavaScript files from a remote server. Once the code is downloaded, it scrapes the browser for open tabs and web pages related to crypto entities to steal their data. The data is sent to a remote server called “erc20wallet.tk.” The top-level domain is identified as belonging to a New Zealand-based group called Tokelau.
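As an added example (not code from the article or from Denley's report), the extension ID and backend domain quoted above can be checked against a local Chrome profile's `Extensions` directory. The function names and reason strings are illustrative, and the `<id>/<version>/manifest.json` layout is assumed to be Chrome's usual on-disk arrangement.

```python
import json
from pathlib import Path

# Indicators quoted in the article ("erc20wallet[.]tk" refanged for matching).
IOC_EXTENSION_ID = "ckkgmccefffnbbalkmbbgebbojjogffn"
IOC_DOMAIN = "erc20wallet.tk"
# Match patterns that let an extension run script in every open tab.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def host_patterns(manifest):
    """Collect the URL match patterns a parsed manifest requests."""
    found = {p for key in ("permissions", "host_permissions")
             for p in manifest.get(key, []) if isinstance(p, str)}
    for script in manifest.get("content_scripts", []):
        found.update(script.get("matches", []))
    return found


def audit_extensions(extensions_dir):
    """Map extension ID -> reasons for <extensions_dir>/<id>/<version>/ trees."""
    findings = {}
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        version_dir, reasons = manifest_path.parent, []
        ext_id = version_dir.parent.name
        if ext_id == IOC_EXTENSION_ID:
            reasons.append("extension ID matches the reported one")
        for path in sorted(version_dir.rglob("*")):
            if path.suffix in {".js", ".json", ".html"} and path.is_file():
                text = path.read_text(encoding="utf-8", errors="ignore")
                if IOC_DOMAIN in text.lower():
                    reasons.append(f"{path.name} references {IOC_DOMAIN}")
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            broad = sorted(host_patterns(manifest) & BROAD)
        except (ValueError, AttributeError, TypeError):
            broad = []  # unreadable or malformed manifest: skip the context check
        # Broad access is common in legitimate extensions, so it is reported
        # only as context for an extension that already matched an indicator.
        if reasons and broad:
            reasons.append("runs on all sites via " + ", ".join(broad))
        if reasons:
            findings.setdefault(ext_id, []).extend(reasons)
    return findings


if __name__ == "__main__":
    import sys  # usage: python audit.py <path to a profile's Extensions directory>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    print(json.dumps(audit_extensions(target), indent=2))
```

A clean result only means these two indicators are absent; remotely downloaded script that is never written into the extension's folder will not show up in a file scan.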

Shitcoin Wallet is designed to hold Ethereum and other ERC-20 tokens and has over 2,000 users. The company suggests that it is a Windows-based desktop application even though it actually works as a Chrome extension. In another blog post, it suggests that “It is a web wallet which has several extensions for different browsers.”

Wallets are infamous for stealing

In recent years, several web browsers have been found to have malicious code. However, most of these wallets have tried to mine digital currencies using the user’s devices. The infamy of crypto wallets led to Google banning MetaMask, a popular Ethereum wallet and dApp browser, from the Play Store. The tech giant said that the app violates its financial policy. The company didn’t specify the exact reasons, but the ban could be related to mining, which is strictly banned from the store.
