More than 200 Google Chrome users were tricked into participating in a fake airdrop from Huobi, a cryptocurrency exchange based in Singapore. Security experts reported this incident in a blog post on March 14. The attack was carried out using a Chrome browser extension named NoCoin.
The NoCoin extension was downloaded 230 times before Google deleted it, Harry Denley said. This was a clever attack, since the hackers made the malicious extension look like a tool that protected users from malware attacks, often referred to as cryptojacking. Denley is a security expert who runs the cryptocurrency scam database EtherscamDB and is familiar with this type of incident.
When downloaded and executed, the malware appeared to work as advertised, detecting cryptojacking scripts and reporting the results through a well-crafted UI. However, the malware was also requesting the input of private keys from the popular wallet interfaces MyEtherWallet (MEW) and Blockchain.com. Once in the hands of the hackers, the private keys were used to empty the wallets of their holdings.
To deceive novice users, the malware was placed at the end of a giveaway campaign, supposedly offered by the cryptocurrency exchange Huobi. The possibility of acquiring worthless Ethereum-based ERC20 tokens was the bait the hackers used.