Chrome’s Extension Nigelify Was Used to Mine Cryptocurrencies

More and more malicious addresses infect users’ devices. The latest discovery was made by Radware researchers, who identified a Chrome extension that was meant to illegally mine cryptocurrency.
With the growth of the crypto sector and the increasing number of investors, more and more hacker attacks are taking place. Several cryptocurrency trading platforms have already advised clients to secure their accounts at least with two-factor authentication.
One piece of expert advice is to keep your private keys in a hardware wallet, such as Trezor or Ledger Nano S, due to their high security. However, it seems that theft of access to crypto wallets is not what should worry us the most. The researchers have identified a new way for hackers to reach the user’s device and mine cryptocurrency, namely Google Chrome extensions.
The cybersecurity firm Radware revealed on 10 May that a number of cybercriminals used a Chrome extension called Nigelify, which contained malicious code to break into each user’s system and take control of it. It’s assumed that their purpose is to mine crypto assets. Unfortunately, the scam extension can avoid Google’s checks for some encrypted forgery.
Radware claimed that the cybercriminal group behind the malware “has been active since at least March of 2018 and has already infected more than 100,000 users in over 100 countries.” A large proportion of the infected devices are located in Ecuador, the Philippines, and Venezuela.

Figure 1: The malware kill chain
How it works
According to the researchers, “the malware redirects victims to a fake YouTube page and asks the user to install a Chrome extension to play the video.” If you click on “Add Extension”, your device will be infected with a crypto-mining virus and will be under the control of hackers. The malware works on both Windows and Linux operating systems.

Figure 2: Fake YouTube page
According to Radware’s research, the malware extension can use any device to mine Monero, Electroneum, and Bytecoin. The cybersecurity firm reveals that the malware extension managed to mine $1,000 worth of crypto assets in just six days.