slowmist.medium.com
High-Risk Phishing Campaign Targets TRON Wallet Users via Fake Chrome Extension
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A phishing campaign targeting TRON wallet users has been identified, involving a fake Chrome extension masquerading as the TronLink wallet. This malicious extension employs Unicode bidirectional control characters and Cyrillic homographs to impersonate the brand. Once installed, it loads a remote phishing page through an iframe, effectively stealing sensitive information such as mnemonic phrases, private keys, and passwords. The extension's Chrome Store page inherits the reputation of a legitimate extension, making it difficult for users to detect the threat. SlowMist has issued a security alert advising users to uninstall the extension and take precautions. The attack leverages minimal local code, complicating static analysis and detection efforts. The campaign highlights the evolving nature of browser extension abuse, which now requires more sophisticated detection methods.
Key Points: • A fake TronLink Chrome extension targets TRON wallet users to steal credentials. • The extension uses Unicode and homographs to impersonate the legitimate brand. • SlowMist recommends immediate uninstallation and credential review for affected users.