News Another Malicious Crypto Wallet App Stealing Private Keys and...

Another Malicious Crypto Wallet App Stealing Private Keys and Data


- Advertisment -

Another Malicious Crypto Wallet App Stealing Private Keys and DataHarry Denley, director of security at MyCrypto, “an open-source…tool for generating ether wallets,” has warned the public about a malicious crypto wallet app called “Shitcoin Wallet,” which, according to Zero Day, “was caught injecting JavaScript code on web pages to steal passwords and private keys from cryptocurrency wallets and cryptocurrency portals.”

Shitcoin Wallet reportedly became available for download at the Google Chrome web store on December 9th. At press time, the Shitcoin Wallet is no longer available at its Google Chrome address.

Denley says any funds run through the Shitcoin Wallet extension could be lost. The application also installs malicious JavaScript code designed to steal login details and private keys when people interface with 77 websites, including several popular cryptocurrency exchanges and storage applications.

Affected legitimate applications allegedly included:

  •, Idex.Market,,, and

According to Zero Day, “Once activated, the malicious JS code records the user’s login credentials, searches for private keys stored inside the dashboards of the five services, and, finally, sends the data to erc20wallet[.]tk.”

As well, “It is unclear if the Shitcoin Wallet team is responsible for the malicious code, or if the Chrome extension was compromised by a third-party. A spokesperson for the Shitcoin Wallet team did not reply to a request for comment before this article’s publication.”

Shitcoin Wallet is one of many cryptocurrency-stealing “wallet apps” in circulation.

Several wallet scams are profiled in Harry Denley’s end-of-year crypto security blog post, including, “The CCB Cash extension…designed to steal your login credentials… (which) stole over 12 BTC.”

Denley also wrote about scams stemming from cryptocurrency airdrops, whereby exchanges or token projects give away free crypto tokens for promotion.”Unsolicited airdrops can be useful(?),” Denley writes, “but be vigilant to inform yourself as to what they are advertising. This story investigates a big airdrop campaign that ties into a fake MyEtherWallet UI to steal your wallet secrets!”

Denley also wrote about Android APK’s (Android Package Kits) impersonating the Trezor hardware wallet, MetaMask and My Crypto Android and, “designed to steal your wallet secrets (private keys, mnemonics, etc.)…”

Reactions to the news about Shitcoin Wallet have been varied, with Ted Ahern musing on Twitter: “If you can’t trust Shitcoin Wallet, who can you trust?”



Please enter your comment!
Please enter your name here

Latest news

What is LEO Token and Can It Help Fund a Rehab Journey?

TL;DR: In this article you will learn what is LEO token, how it works and how can...

How To Trade Like A Professional Trader: Tips and Perspectives

In this article we will give valuable tips on how to trade like a professional...

DAOWallet Develops A New-Age and Secure Crypto and Fiat Gateway

It is almost impossible to analyze the factors impeding the mainstream adoption of cryptocurrency without mentioning the...

Snapped Up! WaykiChain ROG Genesis Yield Farming Round 1 Subscription Completed

Round 1 Subscription of WaykiChain’s ROG Genesis Yield Farming scheduled to start at 20:00 HKT on September...
- Advertisement -

KryptoCibule: The Cryptostealing Malware

ESET antivirus researchers have announced the discovery of an unknown trojan malware family that spreads through malicious...

Crypterium Signs New Partnership with Apple Pay, Unveils its Virtual Card

In late 2017 when Bitcoin and other digital assets became quite popular, the consensus amongst enthusiasts was...

Must read

- Advertisement -

Read Next
Recommended to you