
New Online Scams and Malicious Extensions Discussed in SANS Internet Storm Center Stormcast
In the May 22, 2025 edition of the SANS Internet Storm Center Stormcast, Johannes Ullrich, recording from Jacksonville, Florida, discusses the evolution of online scams and threats related to malicious extensions.

The first topic covered is a new variant of a scam involving cryptocurrency wallets. Unlike previous scams where fraudsters left comments with private passphrases for their wallets, this new method uses direct messages on platforms like X. The scammers provide a username and password to access an account on a specific website, but to withdraw funds, an additional key is required. The proposed workaround is to create a new account on the site, which allows the transfer of funds without the key. However, to perform this transfer, it is necessary to sign up for a paid VIP account, with costs ranging from $50 to $3000. This scam preys on the victims' greed, enticing them to invest money in the hope of recovering non-existent funds.

Another important topic is the threat of malicious browser and code editor extensions. DomainTools recently published an article on malicious Chrome extensions posing as VPNs and cryptocurrency tools. While these extensions offer some superficial functionality, they actually steal all user data, including session tokens, usernames, and passwords. The best defense against these threats is to limit the number of extensions installed in the browser.

Additionally, Datadog Security Labs identified malicious extensions for Visual Studio Code, a popular code editor. These extensions, which have access to everything the user does in the editor, exfiltrate sensitive data. They appear to particularly target cryptocurrency developers. As with browser extensions, it is crucial to exercise caution when installing extensions for Visual Studio Code and to minimize their number.

The practical implications of this information are clear: vigilance is essential to avoid online scams and threats related to malicious extensions. By limiting the number of installed extensions and being skeptical of overly enticing offers, users can better protect themselves against these cyber threats.

For more information, watch the full video at the following address: https://www.youtube.com/watch?v=D2rh6wDzaW8