Malicious Chrome extension "Safery: Ethereum Wallet" disguises as an ETH wallet to steal users' mnemonic phrases

According to the GoPlus Chinese community, a malicious Chrome extension named "Safery: Ethereum Wallet" has been discovered, which is stealing user assets. This extension was released on November 12, 2024, disguised as a simple and secure Ethereum wallet, but it contains a built-in backdoor.

The attack method is highly covert: the malicious extension encodes the user's mnemonic phrase into a Sui address and broadcasts microtransactions through a Sui wallet controlled by the attacker to steal the mnemonic phrase. The attacker's email is kifagusertyna@gmail[.]com. Currently, this malicious extension has not been removed from the Chrome Web Store.