Casa announced in a post published on its official blog on Sept. 5 that the mobile wallet is now available for download. Furthermore, Casa notes that the latest version of the app can be used without the company’s hardware Bitcoin Lightning node, but users who do not connect the app to a node do not have access its Lightning Network capabilities.
Bitcoin-focused technology firm Casa announced that its Sats mobile Bitcoin wallet app is now available for both iOS and Android devices.
The app supports a public address-naming system dubbed SatsTag. When Bitcoin is sent using a SatsTag, a new address is derived from the receiver’s public key and provided to the sender. Sending by scanning QR codes is still available.
The company also claims that the wallet is completely non-custodial and that the user keeps control of their private key – which is saved on the phone’s secure enclave – at all times.
The news follows another announcement by the company concerning the release of a node monitor and accompanying rewards program to promote Bitcoin network health.
Anemic demand for cryptocurrency apps
As Cointelegraph reported at the end of June, the download count of cryptocurrency-related mobile applications is not increasing despite Bitcoin’s recent price surge. Data from mobile app analytics firm App Annie showed there were 65.8 million cryptocurrency-related app downloads in the first half of 2018, while in the first six months of this year there were 67 million, an increase of only 1.82%.
Chrome Browser Extension Ethereum Wallet Injects Malicious JavaScript To Steal Data
An Ethereum (ETH) wallet known as “Shitcoin Wallet” is reportedly injecting malicious javascript code from open browser windows to steal data from its users. On Dec. 30, cybersecurity and anti-phishing expert Harry Denley warned about the potential breach in a tweet:
According to Denley’s tweet, Chrome browser crypto wallet software Shitcoin Wallet is targeting Binance, MyEtherWallet and other well-known websites containing users’ passwords and private keys to cryptocurrency.
The Shitcoin Wallet Chrome extension – ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn – works by downloading a number of javascript files from a remote server. The code then searches for open browser windows containing webpages of exchanges and Ethereum network tools.
The code attempts to scrape data input into those windows. Once it does, the information is sent to a remote server identified as “erc20wallet.tk”, which is a top-level domain address belonging to Tokelau, a group of South Pacific Islands that are part of New Zealand’s territory.
Google Chrome removed MetaMask, but for different reasons
Shitcoin Wallet stealing user data may sound similar to recent incidents including Apple threatening to unlist Coinbase’s mobile DApp browser from its app store and Google removing Ethereum wallet app MetaMask from its Google Play App Store last week. Both of those instances, however, have been subject to considerable controversy due to lack of evidence of malicious conduct on the part of those apps.
A number of cryptojacking extensions were found on the Google Chrome web store last year. According to a recent report from McAfee Labs, cryptojacking, which occurs when a user’s computing device is secretly used to mine cryptocurrency, has been on the rise, up 29% in Q1 2019.
Shitcoin Wallet was built for trouble online
While the name should be a dead giveaway that it’s better to stay away from this particular Ethereum wallet software, Shitcoin Wallet contains some suspicious added features.
According to a company blog post, the Ethereum wallet, which launched on Dec. 9 and claims to have over 2,000 users, is a web-based wallet that has several extensions for different browsers. The blog post notes;
“It is a web wallet which has several extensions for different browsers, which I will discuss further in the article.”
However, this doesn’t square with what the company mentions at the end of that very blog post, which says/reads that Shitcoin Wallet is currently only supported by Chrome.
A few days prior to the malicious javascript attack, Shitcoin Wallet announced the launch of its new desktop app, giving away 0.05 ETH to users who download and install the Shitcoin Wallet desktop app.
While those users may have received a bit of free ETH, they are now left vulnerable to having their data scraped and personal information compromised.
