[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIyrZhGfTUfogCBnABAkFOxH8vwbuIIh38WUPIQMnOJw":3},{"article":4,"iocs":50},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":30,"category":31,"article_tags":34},"1d3e8e4a-4f09-487b-b583-0eb40dcde08d","We detected 7 dynamic runtime impersonating malicious Chrome extensions. A remote kill-switch tar...","we-detected-7-dynamic-runtime-impersonating-malicious-chrome-extensions-a-remote-9440dd","We detected 7 dynamic runtime impersonating malicious Chrome extensions. A remote kill-switch targets #crypto users. They used deceptive practices including Unicode BIDI spoofing (Ledger, Braavos, etc), dual-identity, BSC drainer and fake Solana wallet: https:\u002F\u002Ft.co\u002FRFSlyaYEna https:\u002F\u002Ft.co\u002FocgVDSAogT","Security researchers discovered 7 dynamic runtime malicious Chrome extensions targeting cryptocurrency users through deceptive practices including Unicode BIDI spoofing, dual-identity tactics, and fake wallet drainers. The extensions impersonate legitimate wallets like Ledger, Braavos, and Solana, and feature a remote kill-switch mechanism. This campaign represents a sophisticated supply-chain attack leveraging browser extensions to compromise crypto asset security.","7 malicious Chrome extensions impersonating crypto wallets detected with Unicode spoofing and remote kill-switch.",null,"https:\u002F\u002Fx.com\u002FUnit42_Intel\u002Fstatus\u002F2054977112126165251","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIS-vQhWUAA_Fln.jpg","2026-05-14T17:28:17+00:00","2026-05-14T18:00:11.640316+00:00",9,[18,21,23,25,27],{"name":19,"type":20},"Chrome","product",{"name":22,"type":20},"Ledger Wallet",{"name":24,"type":20},"Braavos Wallet",{"name":26,"type":20},"Solana Wallet",{"name":28,"type":29},"Binance Smart Chain (BSC)","technology","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":30,"icon":11,"name":32,"slug":33},"Malware","malware",[35,40,45],{"category":36},{"id":37,"icon":11,"name":38,"slug":39},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":41},{"id":42,"icon":11,"name":43,"slug":44},"839da5c1-3c34-47e2-9499-f7201640e3ac","AI Security","ai-security",{"category":46},{"id":47,"icon":11,"name":48,"slug":49},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[51,54,57,61],{"type":33,"value":52,"context":53},"Chrome Extension BSC Drainer","Fake wallet extension targeting Binance Smart Chain assets",{"type":33,"value":55,"context":56},"Fake Solana Wallet Extension","Impersonated Solana wallet extension with remote kill-switch",{"type":58,"value":59,"context":60},"mitre_attack","T1036.005","Masquerading: Match Legitimate Name or Location (Unicode BIDI spoofing)",{"type":58,"value":62,"context":63},"T1566.002","Phishing: Spearphishing Link (fake extension distribution)"]