Malware | May 14, 2026
We detected 7 dynamic runtime impersonating malicious Chrome extensions. A remote kill-switch tar...
7 malicious Chrome extensions impersonating crypto wallets detected with Unicode spoofing and remote kill-switch.
Summary
Security researchers discovered 7 dynamic runtime malicious Chrome extensions targeting cryptocurrency users through deceptive practices including Unicode BIDI spoofing, dual-identity tactics, and fake wallet drainers. The extensions impersonate legitimate wallets like Ledger, Braavos, and Solana, and feature a remote kill-switch mechanism. This campaign represents a sophisticated supply-chain attack leveraging browser extensions to compromise crypto asset security.
Indicators of Compromise
- malware — Chrome Extension BSC Drainer
- malware — Fake Solana Wallet Extension
- mitre_attack — T1036.005
- mitre_attack — T1566.002
Entities
- Chrome (product)
- Ledger Wallet (product)
- Braavos Wallet (product)
- Solana Wallet (product)
- Binance Smart Chain (BSC) (technology)