GoPlus：伪装成以太坊钱包的恶意 Chrome 插件通过编码交易窃取用户助记词

foresightnews

Nov 14, 2025

Foresight News 消息，据 GoPlus 监测，其发现一款伪装成以太坊钱包的恶意 Chrome 插件 Safery: Ethereum Wallet，通过将用户助记词编码进 Sui 链上交易窃取资产。该插件于 2024 年 11 月 12 日发布，其中包含一个后门，通过将用户助记词编码为 Sui 地址并从攻击者控制的 Sui 钱包广播微额交易来窃取用户助记词，具有很高的隐蔽性。攻击者邮箱为 kifagusertyna@gmail[.]com，当前该插件还未从 Chrome 应用商店下架。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2583523275"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"isCrawlerRequest":true,"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2583523275\",edition:\"fundamental\",auth_exemption:1,,,undefined,":{"share":"https://ttm.financial/m/news/2583523275?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2025-11-14 12:28","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2583523275","market":"hk","top_or_hot":-1,"title":"GoPlus：伪装成以太坊钱包的恶意 Chrome 插件通过编码交易窃取用户助记词","media":"foresightnews","content":"<html><body><p>Foresight News 消息，据 GoPlus 监测，其发现一款伪装成以太坊钱包的恶意 Chrome 插件 Safery: Ethereum Wallet，通过将用户助记词编码进 Sui 链上交易窃取资产。该插件于 2024 年 11 月 12 日发布，其中包含一个后门，通过将用户助记词编码为 Sui 地址并从攻击者控制的 Sui 钱包广播微额交易来窃取用户助记词，具有很高的隐蔽性。攻击者邮箱为 kifagusertyna@gmail[.]com，当前该插件还未从 Chrome 应用商店下架。</p></body></html>","source":"foresightnews_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>GoPlus：伪装成以太坊钱包的恶意 Chrome 插件通过编码交易窃取用户助记词</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nGoPlus：伪装成以太坊钱包的恶意 Chrome 插件通过编码交易窃取用户助记词\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-11-14 12:28 北京时间&nbsp;&nbsp;&nbsp;<a href=https://foresightnews.pro/foresightnews/news/detail/90084><strong>foresightnews</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>Foresight News 消息，据 GoPlus 监测，其发现一款伪装成以太坊钱包的恶意 Chrome 插件 Safery: Ethereum Wallet，通过将用户助记词编码进 Sui 链上交易窃取资产。该插件于 2024 年 11 月 12 日发布，其中包含一个后门，通过将用户助记词编码为 Sui 地址并从攻击者控制的 Sui 钱包广播微额交易来窃取用户助记词，具有很高的隐蔽性。攻击者...</p>\n\n<a href=\"https://foresightnews.pro/foresightnews/news/detail/90084\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"LU0648001328.SGD","symbol_name":"Natixis Harris Associates US Equity RA SGD","start_time":0,"source_url":"https://foresightnews.pro/foresightnews/news/detail/90084","article_id":"2583523275","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2583523275","pubTimestamp":1763094480,"columns":[],"sourceInfo":{"source_id":"foresightnews_live","name":"foresightnews"},"weMediaInfo":null,"summary":"Foresight News 消息，据 GoPlus 监测，其发现一款伪装成以太坊钱包的恶意 Chrome 插件 Safery: Ethereum Wallet，通过将用户助记词编码进 Sui 链上交","collect":0,"end_time":0,"defaultTopTitle":"foresightnews.pro","property":[],"viewcount":null,"language":"zh","relate_stocks":{"LU0648001328.SGD":"Natixis Harris Associates US Equity RA SGD","LU0868494617.USD":"UBS (LUX) EQUITY SICAV - US TOTAL YIELD SUSTAINABLE \"P\" (USD) ACC","LU1880398554.USD":"AMUNDI FUNDS GLOBAL EQUITY \"A2\" (USD) INC","LU2592432038.USD":"WELLINGTON MULTI-ASSET HIGH INCOME \"A\" (USD) ACC","GB00B4LPDJ14.GBP":"FUNDSMITH EQUITY \"R\" (GBP) ACC","CETH":"以太坊ETF-21Shares","09179":"嘉实以太币-U","03179":"嘉实以太币","BK4585":"ETF&股票定投概念","QETH":"以太坊ETF-Invesco Galaxy","LU0345770308.USD":"NINETY ONE GSF GLOBAL STRATEGIC EQUITY \"A\" (USD) ACC","ETHU":"2倍以太币期货ETF-Volatility Shares","GOOGL":"谷歌A","LU0006306889.USD":"SCHRODER ISF US LARGE CAP \"A\" (USD) INC AV","LU1145028129.USD":"ALLIANZ INCOME AND GROWTH \"AQ\" (USD) INC","ETHV":"以太坊ETF-VanEck","09046":"华夏以太币-U","EZET":"以太坊ETF-Franklin","LU1989764664.SGD":"CPR Invest - Global Disruptive Opportunities A2 Acc SGD-H","LU1815336760.USD":"THREADNEEDLE (LUX) GLOBAL TECHNOLOGY \"AUP\" (USD) INC","LU2023250504.SGD":"Allianz Thematica Cl AMg DIS H2-SGD","ETHW":"以太坊ETF-Bitwise","LU1084165304.USD":"FIDELITY WORLD \"A\" (USD) ACC","SG9999014898.SGD":"United Global Quality Growth Fund Dis SGD","IE00BJLML261.HKD":"HSBC GLOBAL EQUITY INDEX \"HCH\" (HKD) ACC","LU2028103732.USD":"ALLIANZ GLOBAL SUSTAINABILITY \"AMG\" (USD) INC","IE0004086264.USD":"BNY MELLON GLOBAL OPPORTUNITIES \"A\" (USD) ACC","IBIT":"比特币ETF-iShares","LU1914381329.SGD":"Allianz Best Styles Global Equity Cl ET Acc H2-SGD","03046":"华夏以太币","LU0157215616.USD":"FIDELITY GLOBAL FOCUS \"A\" INC","LU1989764748.USD":"东方汇理环球颠覆性机遇A2 Acc","LU0985320562.USD":"NORDEA 1 GLOBAL STARS EQUITY \"BP\" (USD) ACC","ETH":"低成本以太坊ETF-Grayscale","SG9999015952.SGD":"LIONGLOBAL DISRUPTIVE INNOVATION \"I\" (SGD) ACC","LU0170899867.USD":"EASTSPRING INVESTMENTS WORLD VALUE EQUITY  \"A\" (USD) ACC","LU1429558221.USD":"Natixis Loomis Sayles US Growth Equity RA USD","ETHA":"以太坊ETF-iShares","FETH":"以太币ETF-Fidelity","LU2264538146.SGD":"Fullerton Lux Funds - Global Absolute Alpha A Acc SGD","03009":"博时以太币","LU0466842654.USD":"HSBC ISLAMIC GLOBAL EQUITY INDEX \"A\" (USD) ACC","LU1235294995.USD":"FIDELITY GLOBAL TECHNOLOGY \"A\" (USDHDG) ACC","GB00B4QBRK32.GBP":"FUNDSMITH EQUITY \"R\" (GBP) INC","ETHE":"最大以太坊ETF-Grayscale","09009":"博时以太币-U"},"translate_title":"GoPlus: Malicious Chrome Plugin Masquerading As Ethereum Wallet Steals User Mnemonic Words Through Encoded Transactions","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"ETHA":1.5,"ETHV":1.5,"03009":1.5,"CETH":1.5,"ETHE":1.5,"ETHW":1.5,"03179":1.5,"QETH":1.5,"09046":1.5,"ETH":1.5,"09179":1.5,"03046":1.5,"FETH":1.5,"09009":1.5,"ETHU":0.6,"EZET":1.5,"GOOGL":1.5,"IBIT":1.5},"content_text":"Foresight News 消息，据 GoPlus 监测，其发现一款伪装成以太坊钱包的恶意 Chrome 插件 Safery: Ethereum Wallet，通过将用户助记词编码进 Sui 链上交易窃取资产。该插件于 2024 年 11 月 12 日发布，其中包含一个后门，通过将用户助记词编码为 Sui 地址并从攻击者控制的 Sui 钱包广播微额交易来窃取用户助记词，具有很高的隐蔽性。攻击者邮箱为 kifagusertyna@gmail[.]com，当前该插件还未从 Chrome 应用商店下架。","kind":"live","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":true,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"need_auth":false,"code":"91000000","status":"200"}}}