Chrome extension ‘Safery’ steals crypto wallet seed phrases

A malicious Chrome extension named "Safery: Ethereum Wallet" has been identified by Socket's Threat Research Team, deceiving users by posing as a legitimate crypto wallet while actually stealing their seed phrases, Security Affairs reports.

The deceptive extension, formerly available for download on the Chrome Web Store, was designed to encode seed phrases into synthetic Sui-style addresses hidden in blockchain transactions. By sending small SUI microtransactions to these addresses, the attacker can later decode them to retrieve the victim's seed phrase and access their crypto assets. The extension's presence in search results for "Ethereum Wallet" increases the risk of unsuspecting users falling victim to the scam.

The incident highlights the evolving tactics of cybercriminals to exploit public blockchains for data exfiltration, bypassing traditional detection methods. The need for heightened vigilance in verifying the authenticity of browser extensions is emphasized, as well as the importance of prompt action by platform providers to remove malicious software.

Source: Security Affairs