Research Summary
The report investigates Aggr, a malicious Chrome extension that has been used to steal funds from Binance accounts. The extension harvests cookies from every website the user visits. With a victim's session cookies in hand, the attacker can hijack the already-authenticated session on various trading sites and execute counter-trades (contra trades) against the victim's account, draining their crypto assets.
Key Takeaways
Malicious Extension’s Modus Operandi
- Cookie theft: The extension reads the cookies of every site the user visits and passes them to the attacker. Because a session cookie represents a session that has already passed login, replaying it lets the attacker act as the victim on trading sites without knowing the password or supplying a login-time 2FA code, and execute counter-trades (contra trades) that drain the victim's crypto assets.
- Over-broad permissions: The extension requests a set of permissions that includes access to all websites, reading and modifying browser tabs, and access to browser storage. Together these give the extension visibility into essentially all of the user's browsing activity and data, which is exactly what cookie theft requires.
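The permission set described above maps onto concrete keys in a Chrome extension manifest. The following is an added example, not code from the report or from the Aggr extension: a small auditor that reads a manifest object and flags the combination of broad host access plus cookie, tab and storage permissions. The mapping from the report's wording to manifest keys ("all websites" to `<all_urls>`, "browser tabs" to `tabs`, "browser storage" to `storage`) is an assumption, and the `cookies` permission is included because reading cookies through the extension API requires it, which the report implies but does not name. Both manifests in the block are constructed for illustration.

```javascript
// Added example (not from the original report or the Aggr extension):
// audit a Chrome extension manifest for the broad-permission pattern the
// report describes. Permission names are the standard Chrome manifest keys;
// the mapping from the report's prose to these keys is an assumption.

const RISKY_PERMISSIONS = {
  cookies: "can read and overwrite cookies for every granted host (session theft)",
  tabs: "can enumerate the URL and title of every open tab",
  storage: "persistent local store, usable to stage data before exfiltration",
  webRequest: "can observe every HTTP request and response header",
  webRequestBlocking: "can modify or block requests in flight",
  scripting: "can inject scripts into pages on granted hosts",
};

// Host patterns that grant access to every site the user visits.
const BROAD_HOST_PATTERNS = ["<all_urls>", "*://*/*", "http://*/*", "https://*/*"];

function isBroadHost(pattern) {
  return BROAD_HOST_PATTERNS.includes(pattern) || /^\*:\/\/\*\//.test(pattern);
}

// Collect host patterns from MV2 ("permissions"), MV3 ("host_permissions")
// and content_scripts "matches", since each of them grants page access.
function hostPatterns(manifest) {
  const out = new Set();
  for (const p of manifest.permissions || []) {
    if (p === "<all_urls>" || p.includes("://")) out.add(p);
  }
  for (const p of manifest.host_permissions || []) out.add(p);
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) out.add(m);
  }
  return [...out];
}

function auditManifest(manifest) {
  const findings = [];
  const broad = hostPatterns(manifest).filter(isBroadHost);
  if (broad.length > 0) {
    findings.push({ severity: "high", item: broad.join(", "), why: "access to every website the user visits" });
  }
  for (const p of manifest.permissions || []) {
    if (RISKY_PERMISSIONS[p]) {
      findings.push({ severity: p === "cookies" ? "high" : "medium", item: p, why: RISKY_PERMISSIONS[p] });
    }
  }
  // Broad host access combined with the cookies permission is the exact
  // combination that lets an extension read session cookies for exchange
  // sites the user is logged in to.
  const sessionTheftCapable = broad.length > 0 && (manifest.permissions || []).includes("cookies");
  return { name: manifest.name, findings, sessionTheftCapable };
}

// Constructed manifest resembling the permission set the report describes.
const RISKY_MANIFEST = {
  manifest_version: 3,
  name: "example-aggregator",
  permissions: ["cookies", "tabs", "storage"],
  host_permissions: ["<all_urls>"],
};

// Constructed least-privilege manifest scoped to a single site for contrast.
const MINIMAL_MANIFEST = {
  manifest_version: 3,
  name: "example-minimal",
  permissions: [],
  host_permissions: ["https://example.com/*"],
  content_scripts: [{ matches: ["https://example.com/*"], js: ["content.js"] }],
};

for (const m of [RISKY_MANIFEST, MINIMAL_MANIFEST]) {
  const result = auditManifest(m);
  console.log(`${result.name}: session theft capable = ${result.sessionTheftCapable}`);
  for (const f of result.findings) console.log(`  [${f.severity}] ${f.item}: ${f.why}`);
}
```

To review what is already installed, point `auditManifest` at the `manifest.json` files under the Chrome profile's `Extensions/<id>/<version>/` directory (for example `~/.config/google-chrome/Default/Extensions/` on Linux); any extension that comes back `sessionTheftCapable` deserves the same scrutiny as the one in this report.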
Impact of the Attack
- Loss of funds: Users who installed the malicious extension had funds stolen from their accounts. For instance, Twitter user @CryptoNakamao reported losing 1 million USD after installing the malicious Chrome extension Aggr.
- Hijacked sessions: Because the extension runs inside the browser with direct access to the user's pages and data, it could capture session cookies and other authentication material, giving the attacker the same access to the account as the logged-in user.
Preventive Measures
- Enhancing personal security awareness: Users are advised to stay skeptical, install extensions only from trusted sources, review the permissions an extension requests before installing it, and use a secure browsing environment for trading.
- Regular account checks: Users should regularly review account login activity and transaction records, and take action immediately if suspicious behavior