A Google Chrome extension, BitcoinWisdom Ads Remover was found to be stealing Bitcoin from users while performing fund transfer. Spotted by a Slovenia-based Bitcoin exchange portal Bitstamp, the extension reportedly contained malicious code that could automatically redirect payments to its Bitcoin address, instead of the real address used for making the transaction.
The BitcoinWisdom Ads Remover Chrome extension (now removed from the web store) could remove ads from the BitcoinWisdom.com, but it was stealing Bitcoins of users without their knowledge. The users, if there are no aware of the original intention, will have to face severe irreversible loss.
Confirming the development, Bitcoin Web app developer Devon Weller said the extension was secretly replacing QR codes with its own. The usage of Bitcoins revolves around QR codes where users need to scan the code using their smartphones running a Bitcoin payments app and approve the transfer.
Without QR codes, users need to make use of addresses that consist of long strings of random characters, which will most probably lead to typing errors. These strings consist of 30 to 40 characters and will be very long because of the inability to use vanity addresses.
The BitcoinWisdom Ads Remover Chrome extension manipulated source code of a webpage and replaces the QR code of a payment’s destination with its own without user’s knowledge. From a user point of view, everything looked genuine, but in the back-end, the extension was stealing Bitcoin data.
However, the BitcoinWisdom Ads Remover Chrome extension is finally taken down from the Chrome Web Store. Earlier, users had reported the similar issues with it in July 2015. However, no concrete action was taken by the quality team back then.