Malicious Chrome Extension Steals Crypto Seed Phrases Using Clever Sui Blockchain Trick
A malicious crypto wallet extension, “Safery: Ethereum Wallet,” is actively stealing users' seed phrases. The extension is listed on the official Chrome Web Store, and its misleading listing makes it look like a legitimate wallet, which heightens the risk to users.
Fake Wallet Uses a Backdoor to Steal Secrets
Blockchain security firm Socket has issued a serious warning about this fraudulent extension. It purports to be a secure asset-management platform for controlling Ethereum-based assets with simple and efficient controls. The extension, however, contains a backdoor mechanism crafted to steal master keys. It was uploaded at the end of September and was updated as recently as November 12.
The user's seed phrase is stolen the moment a wallet is created or imported. The extension then encodes the secret phrase into syntactically valid Sui wallet addresses, concealing the key as what looks like an ordinary public blockchain address.
This is a discreet method that traditional detection struggles to catch, because the stolen data leaves the device without any conventional command-and-control server. Analysis by Koi Security confirms the technique. The threat actor simply monitors the Sui blockchain, decodes the recipient addresses, reassembles the seed phrase that was entered, and drains the victim's funds within a short time.
The Covert Process Outwits Common Defenses
The attack chain starts when a user enters a valid seed phrase. The phrase is encoded into counterfeit Sui addresses, and a hardcoded attacker-controlled wallet then sends micro-transactions of a tiny amount of SUI to those addresses. These minor transactions are the covert message: they let the attacker retrieve the stolen information from the public ledger itself.
Flexible Technique Evades Standard Security
Security researcher Kirill Boychenko observed that the technique is extremely flexible for threat actors: they can readily switch to other chains, so domain-specific detection no longer applies. Moreover, the developer's privacy policy falsely claimed that the extension would not collect data and that private keys would remain on the user's device, the opposite of its real, malicious functionality.
Users should be very wary of this threat and similar scams. Security experts strongly recommend using only the most trusted and established wallet extensions. Defenders need to scan extensions for mnemonic encoders and, crucially, be alert to synthetic address generators. Any unexpected RPC request, particularly one to a different blockchain such as Sui, must be deemed a b
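As an added illustration of the defender guidance above (example code, not from the article, Socket or Koi Security), here is a Python static indicator scan over an unpacked extension bundle: it flags an "Ethereum" wallet that handles mnemonics while also containing Sui RPC hostnames, `sui_`/`suix_`/`unsafe_` JSON-RPC method names, or 32-byte address literals. The Sui hostname and method-prefix patterns are assumptions to tune, and both sample bundles are constructed.

```python
import json
import re

# Indicator patterns. The Sui fullnode hostname and the sui_/suix_/unsafe_ JSON-RPC
# method prefixes are assumed shapes of Sui-bound code; tune them to your telemetry.
SUI_RPC_HOST = re.compile(r"fullnode\.(?:mainnet|testnet|devnet)\.sui\.io", re.I)
SUI_RPC_METHOD = re.compile(r"['\"](?:sui|suix|unsafe)_[A-Za-z]+['\"]")
# Sui addresses are 32 bytes (64 hex chars) versus Ethereum's 20; Ethereum tx hashes
# are 32 bytes too, so this is only a supporting hint, never a verdict on its own.
SUI_ADDR_LITERAL = re.compile(r"\b0x[0-9a-fA-F]{64}\b")
MNEMONIC_HINT = re.compile(r"wordlist|mnemonic|seed ?phrase", re.I)


def scan_extension(files: dict) -> dict:
    """Count indicators in one unpacked bundle ({relative path: text}); add a verdict."""
    hits = {"sui_host": 0, "sui_method": 0, "sui_addr": 0, "mnemonic": 0}
    manifest = json.loads(files.get("manifest.json", "{}"))
    # A host permission for a Sui RPC node in an "Ethereum" wallet is itself a flag.
    for origin in manifest.get("host_permissions", []) + manifest.get("permissions", []):
        if SUI_RPC_HOST.search(str(origin)):
            hits["sui_host"] += 1
    for path, text in files.items():
        if path.endswith(".js"):
            hits["sui_host"] += len(SUI_RPC_HOST.findall(text))
            hits["sui_method"] += len(SUI_RPC_METHOD.findall(text))
            hits["sui_addr"] += len(SUI_ADDR_LITERAL.findall(text))
            hits["mnemonic"] += len(MNEMONIC_HINT.findall(text))
    # The article's pattern: mnemonic handling plus traffic to a chain the wallet has
    # no stated business with. Address literals alone do not trigger the verdict.
    sui_bound = hits["sui_host"] + hits["sui_method"] > 0
    hits["verdict"] = "suspicious" if sui_bound and hits["mnemonic"] else "clean"
    return hits


# Constructed sample bundles (not the real extension's code) to exercise the scan.
SUSPICIOUS_BUNDLE = {
    "manifest.json": json.dumps({"name": "Example ETH Wallet",
                                 "host_permissions": ["https://fullnode.mainnet.sui.io/*"]}),
    "background.js": (
        'const words = mnemonic.split(" ");\n'
        'fetch("https://fullnode.mainnet.sui.io", {method: "POST", body: JSON.stringify(\n'
        '  {method: "unsafe_transferSui", params: [sender, "0x' + "ab" * 32 + '"]})});\n'
    ),
}
CLEAN_BUNDLE = {
    "manifest.json": json.dumps({"name": "Example ETH Wallet",
                                 "host_permissions": ["https://eth-rpc.example.invalid/*"]}),
    "background.js": 'const words = mnemonic.split(" ");\n'
                     'fetch("https://eth-rpc.example.invalid", {method: "POST"});\n',
}
```

Run `scan_extension` over each unpacked extension directory's files; a "suspicious" verdict is a triage lead for manual review of the flagged RPC calls, not proof of theft.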
