Casa CEO, Jeremy Welch has expressed concerns about, malicious browser extensions, noting that some may pose a risk to users’ bitcoin holdings.
Addressing a crowded conference room during this weekend’s Baltic Honeybadger meeting in Riga, Welch urged proper due diligence when it came to bitcoin and browser security.
Browser extensions impose major risks, and these risks haven’t been discussed until this point… Make sure you don’t expose your bitcoin addresses anywhere.
Somewhat unbeknownst to any casual peruser of the internet, dangers lurk around pretty much any URL. Browser extensions are perhaps the most insidious element, containing trackers to monitor user information and gather data. While these may not necessarily be menacing in themselves, they can provide scammers with a great resource to expose users to further threat.
Speaking further on the matter, Welch elaborated on several examples, including a seemingly harmless extension that provides wallpapers depicting motivational quotes. In reality, this outwardly innocuous add-on is actually malware stealing KYC data as you fill in online compliance forms. Such threats can appropriate identification such as passports via code which is later portrayed as a graphic depiction.
You got a nice background here, and you don’t realize that your browser is actually dumping data
Moreover, Welch explained how some extensions allow the diversion of funds, altering a receiving address and channeling it to the hacker’s own.
Even if wallpaper apps aren’t your thing, you may be surprised to learn that Welch highlighted more mainstream iterations, such as editing app, Grammarly, as well as the Joule extension for lightning transactions.
The issues remain that there is no real way to know which browsers are dependable and which are not. As Welch notes, something as simple as a software update could prove to destabilize the security of a browser extension and provide access for bad actors.
Source: Will Heasman – Cryptoglobe