Cybersecurity researcher Harry Denly discovered malicious code in the Shitcoin Wallet, which comes as an extension for the Google Chrome browser.
The app scans traffic from popular wallets and exchanges, such as MyEtherWallet, IDEX, Binance, Switcheo, and others, looking for passwords, private keys, and other confidential information, and then sends the data to a remote server. Denly reported this
The creators of Shitcoin Wallet claim that the assets in their wallet are insured, which is suspicious, because until recently, even large companies in the cryptocurrency industry could not provide their customers with such a service. In addition, new users are lured through promises to provide non-custodial storage and daily token giveaways.
Recall that a few days ago Google deleted
the MetaMask app from Google Play due to the fact that it allegedly provided an opportunity to engage in mining (Google prohibits mining on mobile devices). The developers tried to protest the decision, citing the fact that there is no such functionality in the extension, but the appeal was rejected.