We often emphasize that potentially unwanted programs might inadvertently become cybercrime tools, and here comes a very good example with Shitcoin Wallet. This app is actually a browser extension for Chrome. It should help users access they Ethereum cryptocurrency wallets. However, security specialists warn that there is malicious code inside this extension, and it can steal your private information. Therefore, if you happen to have this extension added to your browser, you need to remove Shitcoin Wallet right now. It should be easy to get rid of this extension on your own, but you can always invest in a licensed antispyware tool, too.
So, where does Shitcoin Wallet come from? Like it is common with potentially unwanted programs, it has an official homepage. The homepage is located at shitcoinwallet.co, and you can easily install the extension through there. However, some users will say that they have never opened that website, and so they have no idea how this app entered their systems. And that is totally understandable, but we have to remember that potentially unwanted apps often employ different distribution routes, and sometimes users install them accidentally. For instance, it is not unheard of for unwanted applications to reach users in software bundles. This is especially relevant if you often download programs from third-party sources.
On the other hand, it is hard to tell whether Shitcoin Wallet is malicious or not, especially as the extension is available at the Chrome Web Store. Hence, if users often dab in cryptocurrency, they might not consider the possibility that there is something wrong with this extension.
In fact, it is very likely that the malicious code was embedded in the app by a malevolent third party, and the extension creators have nothing to do with it. So, what happens if you have Shitcoin Wallet on your browser, and this malicious code is activated?
Based on security research data, Shitcoin Wallet has a malicious JavaScript code that is activated when users access certain websites. Users give the extension permission to launch this code when they add it to their browser. Have you noticed that each time you add a new extension to your browser; you always see a pop-up that asks you for permission? While it is absolutely normal, these permissions also allow Shitcoin Wallet to launch the dangerous code, too.
The malicious code is activated when users access MyEtherWallet.com, Binance.org, Idex.Market, NeoTracker.io, and Switcheo.exchange. In fact, Shitcoin Wallet requires you to give permission to inject JavaScript code on 77 websites in total. But that eventually results in running an obfuscated code that can record your login credentials and other personal data. From that, we can see that Shitcoin Wallet can work as an espionage tool. We also know that once it connects the sensitive data, it transfers all the logged information to erc20wallet.tk. So, virtually, it allows the people who injected that malicious code into the extension to steal your cryptocurrency funds.
It goes without saying that you need to remove Shitcoin Wallet from your browser right now. After that, you have to change your passwords on the websites that have been compromised. Please note that you shouldn’t reuse passwords. If you find it hard to come up with new unique passwords for each account that was compromised, consider using a password manager app.
When you remove Shitcoin Wallet from your browser, do yourself a favor and run a full system scan with a security tool of your choice. Since potentially unwanted programs often come in bundles, it wouldn’t be surprising if you had more unwanted programs running. Do not stop until you remove all the potential threats.