Tricksters Target TRON Users with Phantom TronLink Scam

Well now, pull up a chair and hear tell of a modern racket fit for a riverboat comedy: crooks peddling a counterfeit TronLink and hoping TRON folks bite like minnows on a hook.

Security outfit SlowMist has warned TRON users about a phishing campaign that uses a fake browser wallet extension to steal crypto data. The firm says it spotted the mischief through its MistEye monitoring system, catching the telltale signs of remote data thievery and curious extension behavior sooner than a fox catching the scent of corn.

According to SlowMist’s reckonin’, the counterfeit extension slips into the Chrome Web Store as an MV3 (Manifest V3) version of TronLink, a ploy to dodge the early watchdogs. After a user installs it, the thing loads a remote interface that imitates the official wallet so well you’d swear it came from the same printer. Folks then type private keys, mnemonic phrases, and passwords into a page controlled by the bad actors, and the information is snatched away faster than a cat at a canary party.

An Elaborate Phishing Machine

SlowMist reports the attackers used Unicode characters and Cyrillic letters to disguise the extension’s name, making it look legitimate to the unobserving eye. They also played the Chrome listing game, inheriting trust signals like high ratings and lofty install counts, which lulled plenty of browsers into a false sense of security. And to boot, the extension asked only for the most modest of permissions, which helped it slip past the early checkers as if it was wearing a magician’s cape.

The real mischief began after installation. The extension loaded a remote iframe that fully replaced the wallet interface. It hopped between local and remote servers to dodge the watchers, allowing the attackers to refresh phishing content without ever touching the extension itself. That trickery tricked standard security scans into yawning on the job.

The phishing page was a near-duplicate of the genuine TronLink interface. Users entered mnemonic phrases, private keys, and keystore files into the fake system, and the data sprinted straight to attacker-controlled servers and Telegram bots. The page even blocked right-clicks, developer tools, and other inspectors to keep nosy folk from figuring out the con.

Wider Pattern of Crypto Extension Attacks

What happened isn’t a one-off carnival ride; it’s part of a broader parade of malicious browser extensions targeting crypto users. Similar capers have nipped at Trust Wallet and other wallet tools, with losses counting in the millions. Older tunes like “Extension Hollowing” relied on trusted extension listings before turning them into venomous spears.

Security experts urge caution when installing wallet-related browser extensions. They advise checking official extension IDs before installation, avoiding suspicious wallet prompts, removing any unknown extensions, and moving funds immediately if you suspect login details or private keys have been exposed.
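The name disguise and the extension-ID advice described above can be combined into one inventory check. The sketch below is an example added here, not SlowMist's or TronLink's code; the official ID is a placeholder (the article does not give the real one), the lookalike table is a small illustrative subset, and the inventory is constructed. It also strips invisible format characters, which goes a step beyond the Cyrillic case the report names.

```python
import unicodedata

# Placeholder only: the article does not give TronLink's real extension ID.
OFFICIAL_ID = "a" * 32
# Illustrative subset of Cyrillic letters that render like Latin ones.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u043a": "k", "\u0422": "T",
})


def scripts(name):
    """Return the set of scripts (LATIN, CYRILLIC, ...) used by the letters."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in name if ch.isalpha()}


def skeleton(name):
    """Fold a display name to a comparable form: drop invisible format
    characters, map lookalikes to Latin, ignore case."""
    text = unicodedata.normalize("NFKC", name)
    text = "".join(ch for ch in text if unicodedata.category(ch) != "Cf")
    return text.translate(CONFUSABLES).casefold()


def check_extension(name, ext_id, brand="TronLink", official_id=OFFICIAL_ID):
    """Return a list of findings for one installed extension."""
    findings = []
    if len(scripts(name)) > 1:
        findings.append("mixed-script")
    if brand.casefold() in skeleton(name) and ext_id != official_id:
        findings.append("impersonates-brand")
    return findings


# Constructed inventory: (display name, extension ID).
INSTALLED = [
    ("TronLink", OFFICIAL_ID),
    ("Tr\u043enL\u0456nk", "b" * 32),   # Cyrillic o and i
    ("Tron\u200bLink", "c" * 32),       # zero-width space inside the name
    ("\u041a\u043e\u0448\u0435\u043b\u0451\u043a", "d" * 32),  # all-Cyrillic, unrelated
]

if __name__ == "__main__":
    for name, ext_id in INSTALLED:
        print(ext_id[:8], ascii(name), check_extension(name, ext_id) or "ok")
```

A mixed-script name is only a signal, since some honest extensions mix alphabets; the brand match against a non-official ID is the finding that warrants removal and a closer look.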


2026-05-11 14:17