Bitstamp, a bitcoin exchange portal based in Slovenia, has issued a warning to users of a Google Chrome extension which steals bitcoin while making a transfer.
The name of the extension is BitcoinWisdom Ads Remover, and its purpose is to remove ads from BitcoinWisdom.com, a website for consulting all kinds of Bitcoin-related statistics, all presented in easy-to-understand charts.
Bitstamp, a website which provides exchange service of bitcoins for US dollars, reported that this extension comprises malicious code that redirects payments to its own Bitcoin address, instead of the one intended by the user while transaction.
Even Devon Weller, Bitcoin Web app developer confirmed the findings of Bitstamp. He said that the extension was secretly replacing QR codes with its own.
In case you haven’t used Bitcoin until now, QR codes are one of the ways by which you can make payments or transfer Bitcoin from one account to the other.
Since Bitcoin’s account (a.k.a wallet) addresses are pretty long, some of the bitcoin exchange sites render them as QR codes. Thereafter, users with Bitcoin payments app can scan the QR code and approve the payment.
Coming back to the malicious extension, the BitcoinWisdom Ads Remover was making wrong use of its position to manipulate a Web page’s source code and replace the QR code of a payment’s destination with one of its own.
Bitcoins doesn’t use vane address so technologies like QR are required to simplify things as it’s hard to enter a 30-40-long string with no typos.
The extension is still available to download from Google’s Chrome Web Store. In fact, the same extension was reported for such an abuse in 2015 too.
@bitstamp Confirmed. I looked at the source code. It replaces QR code images on bitcoin exchanges with its own addresses.
— Devon Weller (@wellerco) March 11, 2016