| Follow @EthHackingNews |
Researchers have discovered a malicious Chrome extension called "Safery: Ethereum Wallet" that poses as a legitimate crypto wallet while secretly stealing users' seed phrases. This security breach highlights the importance of being vigilant when interacting with extensions on our Chrome browser.
Researchers at Socket's Threat Research Team have identified a malicious Chrome extension called "Safery: Ethereum Wallet" that poses as a legitimate crypto wallet while secretly stealing users' seed phrases. The case is a stark reminder to be vigilant and cautious when interacting with extensions in the Chrome browser.
The Safery Chrome Extension was uploaded to the Chrome Web Store on September 29, 2025, and despite warnings from researchers requesting its removal, it remains available for download, masquerading as a secure Ethereum wallet. The extension's malicious activity was first uncovered by Socket's Threat Research Team, who discovered that it encodes users' seed phrases into synthetic Sui-style addresses and sends tiny SUI microtransactions to these addresses.
According to the researchers, when a user creates or imports a wallet using the Safery Chrome Extension, it maps each seed word to its index, packs the indices into hex, pads the result to 64 characters, and prefixes it with 0x. The attacker later decodes the recipient addresses to reconstruct the exact seed phrase and drain the affected assets.
Furthermore, researchers noted that the extension hides a covert Sui exfiltration channel by encoding users' mnemonic phrases into one or two synthetic Sui-style addresses. This technique enables threat actors to switch chains and RPC endpoints with minimal effort, rendering traditional detection methods ineffective.
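A defender reviewing outbound Sui transfers can test whether a recipient address has the shape this encoding produces. The heuristic below is an added example, not code from Socket's report or from the extension; the 12-words-per-address split, the 2048-word list size, the 3- or 4-hex-digit group width, the side the zero padding sits on, and all function and field names are assumptions.

```javascript
// Added example: flag Sui recipients whose 32 bytes look like packed word indices.
// ASSUMPTIONS (not stated on the page): 12 words per address, a 2048-word list,
// fixed 3- or 4-hex-digit groups, zero padding on either side.
const WORDLIST_SIZE = 2048;
const LAYOUTS = [3, 4].flatMap(width => ["left", "right"].map(pad => ({ width, pad })));

function matchPackedIndices(address, words = 12, minNonZero = 8) {
  const hex = String(address).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{64}$/.test(hex)) return null; // only full-length addresses
  for (const { width, pad } of LAYOUTS) {
    const payloadLen = width * words;
    const padLen = 64 - payloadLen;
    const padding = pad === "left" ? hex.slice(0, padLen) : hex.slice(payloadLen);
    const payload = pad === "left" ? hex.slice(padLen) : hex.slice(0, payloadLen);
    if (!/^0+$/.test(padding)) continue; // a random address has no long zero run
    const groups = payload.match(new RegExp(`.{${width}}`, "g")).map(g => parseInt(g, 16));
    if (groups.some(i => i >= WORDLIST_SIZE)) continue; // not a valid word index
    // Zero-padded system addresses such as 0x2 also pass the range check,
    // so require most groups to carry data before flagging.
    if (groups.filter(i => i !== 0).length < minNonZero) continue;
    return { width, pad, words };
  }
  return null;
}

// Returns the transfers whose recipient matches one of the assumed layouts.
function flagSuspectTransfers(transfers) {
  return transfers
    .map(t => ({ ...t, layout: matchPackedIndices(t.recipient) }))
    .filter(t => t.layout !== null);
}

// Constructed sample records: digests, recipients and amounts are made up.
const SAMPLE_TRANSFERS = [
  { digest: "tx-1", amountMist: 1000,
    recipient: "0x000107ff012304560010020003e800640700002a05550001" + "0".repeat(16) },
  { digest: "tx-2", amountMist: 250000000,
    recipient: "0xa3f1c29b7d4e8056f1e2d3c4b5a69788796a5b4c3d2e1f00112233445566778f" },
  { digest: "tx-3", amountMist: 1000,
    recipient: "0x" + "0".repeat(28) + "0017ff1234560102003e806470002a555001" },
  { digest: "tx-4", amountMist: 5000, recipient: "0x" + "0".repeat(63) + "2" },
];
```

A match is a triage signal rather than proof; it is strongest when the same sender makes very small transfers to one or two such addresses shortly after a wallet is created or imported.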
The Safery Chrome Extension is a prime example of how malicious actors can exploit the trust placed in legitimate extensions on the Chrome Web Store. The researchers' discovery serves as a wake-up call for users to exercise caution when installing extensions and to regularly review their browser's security settings.
Furthermore, this incident highlights the importance of staying informed about the latest security threats and vulnerabilities in the cryptocurrency space. As blockchain technology continues to grow in popularity, it is essential that users remain vigilant against sophisticated attacks like the one perpetrated by the Safery Chrome Extension.
The researchers' report concludes that defenders should expect reuse across Sui, Solana, and EVM chains as well as across other wallet UIs. This emphasizes the need for a comprehensive security strategy to protect users from threats like the Safery Chrome Extension.
In light of this discovery, users are advised to be cautious when installing extensions on their Chrome browser and to regularly review their browser's security settings. Additionally, users should ensure that they have up-to-date antivirus software and a reliable internet connection to detect and block any malicious activities.
As the cryptocurrency space continues to evolve, it is essential that users remain informed about the latest security threats and vulnerabilities. By staying vigilant and taking proactive measures, we can mitigate the risks associated with malicious extensions like the Safery Chrome Extension and protect our digital assets.