Even at the beginning of the year, criminals took no time off: they used the occasion to launch another attack against crypto newbies by announcing a fake airdrop of just 0.05 ETH. In this case, the malware is hidden in an Ethereum wallet.
This is a scam designed by Shitcoin Wallet, which launched just under a month ago with the ostensible goal of providing a web platform to receive and send tokens.
As if the name of the wallet weren't enough to arouse suspicion, users who downloaded the app were promised 0.05 Ethereum, i.e. 6 dollars. Low as that figure is, it led many victims into the hackers' trap: roughly 2,000, according to what can be seen from the transaction data.
The hackers had published a post stating that the first 500 users to download the Shitcoin wallet would receive 0.05 Ethereum.
Fortunately, a tweet was quickly published explaining that an analysis of the wallet's code had revealed suspicious and fraudulent behaviour: once the wallet is downloaded, the malware steals the information stored on platforms like Binance, MyEtherWallet or SwitcheoNetwork.
⚠️ A browser crypto wallet is injecting malicious JS to steal secrets from @myetherwallet @idexio @binance @neotrackerio @SwitcheoNetwork
Extension-native wallet create also sends secrets to their backend!
Bad guys: erc20wallet[.]tk
ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn pic.twitter.com/TE2iw5d8Md
— {harry,whg}.eth 🦊💙 (@sniko_) December 31, 2019
In addition to the web extension for Chrome, which is still active, Shitcoin wallet is also available as a desktop version. Unfortunately, this version too has been downloaded by many users, who have reported problems with viruses blocking and encrypting files on their computers.
How to protect yourself from these scams?
Before downloading a file or program, it is a good idea to check the domain of the website. In the case of the Shitcoin wallet, it is difficult to trace the origin or the creation of the website; moreover, MetaMask displays a message warning that the address of the page leads to malicious content.
The victims of this fraud have no remedy, since they have lost both their funds and their credentials for the various services, along with all their private information. Nevertheless, it is certainly recommended to block the accounts involved and to warn the platforms of the damage incurred.
During December alone, there were many scams, such as the one that took advantage of Taylor Swift's name or that of the activist Greta Thunberg.
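To check whether the extension named in the tweet above is present on a machine, the following added example (not code from the original article or from the tweet's author) scans Chrome user-data directories for that extension ID and reads each installed version's manifest. The default directory paths and the function names are assumptions of this example.

```python
import json
import os
from pathlib import Path

# Extension ID quoted in the tweet above.
BAD_EXTENSION_IDS = {"ckkgmccefffnbbalkmbbgebbojjogffn"}


def default_chrome_roots():
    """Usual Chrome/Chromium user-data directories (assumed default install paths)."""
    home = Path.home()
    local = Path(os.environ.get("LOCALAPPDATA", home / "AppData" / "Local"))
    return [
        home / ".config" / "google-chrome",                               # Linux
        home / ".config" / "chromium",                                    # Linux
        home / "Library" / "Application Support" / "Google" / "Chrome",   # macOS
        local / "Google" / "Chrome" / "User Data",                        # Windows
    ]


def find_bad_extensions(roots, bad_ids=BAD_EXTENSION_IDS):
    """Return one record per installed version of a flagged extension."""
    # On-disk layout: <user-data>/<profile>/Extensions/<extension id>/<version>/manifest.json
    hits = []
    for root in map(Path, roots):
        if not root.is_dir():
            continue
        for ext_dir in root.glob("*/Extensions/*"):
            if ext_dir.name.lower() not in bad_ids or not ext_dir.is_dir():
                continue
            for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
                name = "<unreadable manifest>"
                try:
                    text = (version_dir / "manifest.json").read_text(encoding="utf-8-sig")
                    name = str(json.loads(text).get("name", "<no name>"))
                except (OSError, ValueError, AttributeError):
                    pass  # still report: the directory alone is an indicator
                hits.append({"profile": ext_dir.parent.parent.name, "id": ext_dir.name,
                             "version": version_dir.name, "name": name,
                             "path": str(version_dir)})
    return hits


if __name__ == "__main__":
    for hit in find_bad_extensions(default_chrome_roots()):
        print("FOUND {id} ({name}) v{version} in profile {profile}: {path}".format(**hit))
```

Other Chromium-based browsers keep extensions in the same layout under their own user-data directory, which can be passed to `find_bad_extensions` as an additional root.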