A recent security breach has exposed a concerning vulnerability in Google Chrome. Hackers compromised QuickLens, a legitimate Chrome extension that users had trusted to perform Google Lens searches within the browser. The compromised extension was designed to steal cryptocurrency credentials and wallet addresses, posing a significant risk to users' digital assets.
The attack unfolded when the extension's developer sold ownership of it and a new version was released with hidden malicious scripts. These scripts introduced ClickFix attacks and info-stealing functionality, targeting users' sensitive information. John Tuckner, founder of Annex Security, highlighted the severity of this incident, emphasizing the extension supply chain problem. The attacker was able to distribute the malicious update to all 7,000 legitimate users through Chrome's auto-update feature, which requires only a single permission prompt.
This incident is not an isolated case. It is the latest in a series of compromised browser extensions that have targeted cryptocurrency users. In the past, Trust Wallet's official Chrome extension was also hacked, resulting in the theft of millions of dollars' worth of crypto. The common thread in these attacks is the exploitation of legitimate tools, which users trust, to steal sensitive information.
Google has taken prompt action by removing the compromised QuickLens extension from the Chrome Web Store and disabling it within the browser. However, this incident serves as a stark reminder of the importance of vigilance and caution when using browser extensions. Users should only update official apps and services from official sites using known and trusted URLs, avoiding pop-ups or links that may lead to potential security risks.
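Because the update path described above delivers whatever a new owner ships, one defensive check is to diff an extension's `manifest.json` between versions and review anything newly requested. The following is an added example, not code from the original article or from Annex Security; both manifests are constructed samples and `diffManifests` is a hypothetical helper name.

```javascript
// Both manifests below are constructed samples, not QuickLens's real files.
const oldManifest = {
  manifest_version: 3, name: "Example Lens Helper", version: "1.4.0",
  permissions: ["contextMenus", "activeTab"],
  host_permissions: ["https://lens.google.com/*"],
  content_scripts: [{ matches: ["https://lens.google.com/*"], js: ["lens.js"] }],
};
const newManifest = {
  manifest_version: 3, name: "Example Lens Helper", version: "1.5.0",
  permissions: ["contextMenus", "activeTab", "scripting", "declarativeNetRequest"],
  host_permissions: ["https://lens.google.com/*", "<all_urls>"],
  content_scripts: [
    { matches: ["https://lens.google.com/*"], js: ["lens.js"] },
    { matches: ["<all_urls>"], js: ["loader.js"] },
  ],
};

// Match patterns that give a script access to every site the user visits.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Entries present in newList but not in oldList, de-duplicated and sorted.
function added(oldList = [], newList = []) {
  const seen = new Set(oldList);
  return [...new Set(newList)].filter((x) => !seen.has(x)).sort();
}

// Flatten content_scripts into "match pattern -> script file" pairs.
function scriptTargets(manifest) {
  const pairs = [];
  for (const cs of manifest.content_scripts || [])
    for (const m of cs.matches || [])
      for (const f of cs.js || []) pairs.push(`${m} -> ${f}`);
  return pairs;
}

// diffManifests is a hypothetical helper name, not a Chrome API.
function diffManifests(oldM, newM) {
  const report = {
    from: oldM.version, to: newM.version,
    permissions: added(oldM.permissions, newM.permissions),
    hosts: added(oldM.host_permissions, newM.host_permissions),
    contentScripts: added(scriptTargets(oldM), scriptTargets(newM)),
  };
  const patterns = [...report.hosts, ...report.contentScripts.map((p) => p.split(" -> ")[0])];
  report.broadAccess = patterns.some((p) => BROAD.has(p));
  report.needsReview = report.permissions.length + report.hosts.length + report.contentScripts.length > 0;
  return report;
}
console.log(JSON.stringify(diffManifests(oldManifest, newManifest), null, 2));
```

A clean manifest diff does not clear an update: scripts already listed in the manifest can change their contents without any manifest change, so pair this check with a file-hash comparison of the unpacked versions.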