恶意 Chrome 插件 “Safery: Ethereum Wallet” 伪装 ETH 钱包窃取用户助记词

链捕手

Yesterday

ChainCatcher 消息，据 GoPlus 中文社区披露，发现名为 “Safery: Ethereum Wallet” 的恶意 Chrome 插件正在窃取用户资产。该插件于 2024 年 11 月 12 日发布，伪装成简单安全的以太坊钱包，但内置后门程序。

攻击手法具有高度隐蔽性：恶意插件将用户助记词编码为 Sui 地址，并通过攻击者控制的 Sui 钱包广播微额交易来窃取助记词。攻击者邮箱为 kifagusertyna@gmail[.]com。目前该恶意插件尚未从 Chrome 应用商店下架。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2583525786"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"isCrawlerRequest":true,"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2583525786\",edition:\"fundamental\",auth_exemption:1,,,undefined,":{"share":"https://ttm.financial/m/news/2583525786?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2025-11-14 12:00","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2583525786","market":"hk","top_or_hot":-1,"title":"恶意 Chrome 插件 “Safery: Ethereum Wallet” 伪装 ETH 钱包窃取用户助记词","media":"链捕手","content":"<html><body><p>ChainCatcher 消息，据 GoPlus 中文社区披露，发现名为 “Safery: Ethereum Wallet” 的恶意 Chrome 插件正在窃取用户资产。该插件于 2024 年 11 月 12 日发布，伪装成简单安全的以太坊钱包，但内置后门程序。</p><p>攻击手法具有高度隐蔽性：恶意插件将用户助记词编码为 Sui 地址，并通过攻击者控制的 Sui 钱包广播微额交易来窃取助记词。攻击者邮箱为 kifagusertyna@gmail[.]com。目前该恶意插件尚未从 Chrome 应用商店下架。</p></body></html>","source":null,"html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>恶意 Chrome 插件 “Safery: Ethereum Wallet” 伪装 ETH 钱包窃取用户助记词</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\n恶意 Chrome 插件 “Safery: Ethereum Wallet” 伪装 ETH 钱包窃取用户助记词\n</h2>\n\n<h4 class=\"meta\">\n\n\n<a class=\"head\" href=\"https://laohu8.com/wemedia/1041503808\">\n\n\n<div class=\"h-thumb\" style=\"background-image:url(https://community-static.tradeup.com/news/64f0784cc29a0d0070f6e968ef6ec7f5);background-size:cover;\"></div>\n\n<div class=\"h-content\">\n<p class=\"h-name\">链捕手 </p>\n<p class=\"h-time\">2025-11-14 12:00</p>\n</div>\n\n</a>\n\n\n</h4>\n\n</header>\n<article>\n<html><body><p>ChainCatcher 消息，据 GoPlus 中文社区披露，发现名为 “Safery: Ethereum Wallet” 的恶意 Chrome 插件正在窃取用户资产。该插件于 2024 年 11 月 12 日发布，伪装成简单安全的以太坊钱包，但内置后门程序。</p><p>攻击手法具有高度隐蔽性：恶意插件将用户助记词编码为 Sui 地址，并通过攻击者控制的 Sui 钱包广播微额交易来窃取助记词。攻击者邮箱为 kifagusertyna@gmail[.]com。目前该恶意插件尚未从 Chrome 应用商店下架。</p></body></html>\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"BK4581","symbol_name":"高盛持仓","start_time":0,"source_url":"https://www.chaincatcher.com/article/2220091","article_id":"2583525786","we_media_id":"1041503808","thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2583525786","pubTimestamp":1763092846,"columns":[],"sourceInfo":null,"weMediaInfo":{"media_name":"链捕手","introduction":"链捕手ChainCatcher 成立于 2018 年，是一家领先的中文 Web3 媒体及数据服务商。","home_visible":1,"id":"1041503808","head_image":"https://community-static.tradeup.com/news/64f0784cc29a0d0070f6e968ef6ec7f5"},"summary":" ChainCatcher 消息，据 GoPlus 中文社区披露，发现名为 “Safery: Ethereum Wallet” 的恶意 Chrome 插件正在窃取用户资产。该插件于 2024 年 11 月 12 日发布，伪装成简单安全的以太坊钱包，但内置后门程序。攻击手法具有高度隐蔽性：恶意插件将用户助记词编码为 Sui 地址，并通过攻击者控制的 Sui 钱包广播微额交易来窃取助记词。攻击者邮箱为 kifagusertyna@gmail[.]com。目前该恶意插件尚未从 Chrome 应用商店下架。 ","collect":0,"end_time":0,"defaultTopTitle":"","property":[],"viewcount":null,"language":"zh","relate_stocks":{"BK4581":"高盛持仓","ETH":"迷你以太坊ETF-Grayscale","LU0868494708.USD":"UBS (LUX) EQUITY SICAV - US TOTAL YIELD SUSTAINABLE \"P\" (USD) INC","LU0345774391.USD":"NINETY ONE GSF AMERICAN FRANCHISE \"A\" (USD) ACC","SG9999018857.SGD":"United Global Quality Growth Fd Cl Acc SGD-H","LU2404859741.USD":"FUNDSMITH EQUITY FUND \"R\" (USD) INC","IE0002270589.USD":"LEGG MASON CLEARBRIDGE VALUE \"A\" (USD) INC","03009":"博时以太币","LU0868494617.USD":"UBS (LUX) EQUITY SICAV - US TOTAL YIELD SUSTAINABLE \"P\" (USD) ACC","LU2592432038.USD":"WELLINGTON MULTI-ASSET HIGH INCOME \"A\" (USD) ACC","LU2404859667.USD":"FUNDSMITH EQUITY FUND \"R\" (USD) ACC","03179":"嘉实以太币","LU2125154935.USD":"ALLSPRING (LUX) WF GLOBAL EQUITY ENHANCED INCOME \"I\" (USD) INC","LU0690374961.EUR":"FUNDSMITH EQUITY \"R\" (EUR) INC","IE00B19Z9505.USD":"美盛-美国大盘成长股A Acc","BK4533":"AQR资本管理(全球第二大对冲基金)","QETH":"以太坊ETF-Invesco Galaxy","IE00BZ1G4Q59.USD":"LEGG MASON CLEARBRIDGE US EQUITY SUSTAINABILITY LEADER \"A\"(USD) INC (A)","LU0690374615.EUR":"FUNDSMITH EQUITY \"R\" (EUR) ACC","09009":"博时以太币-U","SG9999017495.SGD":"UGDP UNITED GLOBAL QUALITY GROWTH \"B\" (SGD) ACC","LU0061474960.USD":"天利环球焦点基金AU Acc","BK4538":"云计算","SG9999014898.SGD":"United Global Quality Growth Fund Dis SGD","LU0210533765.USD":"JPM GLOBAL GROWTH \"A\" (USD) ACC","LU0323591593.USD":"SCHRODER ISF QEP GLOBAL QUALITY \"A\" (USD) ACC","09179":"嘉实以太币-U","FETH":"以太币ETF-Fidelity","LU1989764748.USD":"东方汇理环球颠覆性机遇A2 Acc","EZET":"以太坊ETF-Franklin","LU1244550221.USD":"FRANKLIN GLOBAL MULTI-ASSET  INCOME \"A\" (USDHEDGED) INC (M)","SG9999015952.SGD":"LIONGLOBAL DISRUPTIVE INNOVATION \"I\" (SGD) ACC","LU1548497426.USD":"安联环球人工智能AT Acc","CETH":"以太坊ETF-21Shares","ETHV":"以太坊ETF-VanEck","SG9999014880.SGD":"大华全球优质成长基金Acc SGD","LU2168564495.EUR":"AZ ALLOCATION - TREND \"AI\" (EUR) ACC","LU2360032135.SGD":"ALLSPRING GLOBAL EQUITY ENHANCED INCOME \"A\" (SGDHDG) INC","09046":"华夏以太币-U","LU0154236417.USD":"BGF US FLEXIBLE EQUITY \"A2\" ACC","03046":"华夏以太币","LU1815333072.USD":"THREADNEEDLE (LUX) GLOBAL FOCUS \"AUP\" (USD) INC","LU2168564222.USD":"AZ ALLOCATION - TREND \"AAZ\" (USDHDG) ACC","LU0640476718.USD":"THREADNEEDLE (LUX) US CONTRARIAN CORE EQ \"AU\" (USD) ACC"},"translate_title":"Malicious Chrome plugin \"Safery: Ethereum Wallet\" disguises ETH wallet to steal user mnemonics","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"03046":1.5,"QETH":1.5,"METHmain":1.5,"FETH":1.5,"EZET":1.5,"ETHV":1.5,"ETH":1.5,"03009":1.5,"09179":1.5,"09046":1.5,"09009":1.5,"03179":1.5,"CETH":1.5},"content_text":"ChainCatcher 消息，据 GoPlus 中文社区披露，发现名为 “Safery: Ethereum Wallet” 的恶意 Chrome 插件正在窃取用户资产。该插件于 2024 年 11 月 12 日发布，伪装成简单安全的以太坊钱包，但内置后门程序。攻击手法具有高度隐蔽性：恶意插件将用户助记词编码为 Sui 地址，并通过攻击者控制的 Sui 钱包广播微额交易来窃取助记词。攻击者邮箱为 kifagusertyna@gmail[.]com。目前该恶意插件尚未从 Chrome 应用商店下架。","kind":"highlight","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"-2","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"need_auth":false,"code":"91000000","status":"200"}}}