Safery: Ethereum Wallet seed-phrase theft extension

Malware Activity
Happening score: 21
1 unique source, 1 article

Summary


The Safery: Ethereum Wallet Chrome extension is exfiltrating seed phrases from would-be Ethereum wallet users, creating a path to wallet draining and asset theft. It hides the theft by encoding mnemonics as fake Sui addresses and sending 0.000001 SUI microtransactions from an attacker-controlled wallet. The extension was uploaded to the Chrome Web Store on September 29, 2025, updated on November 12, and remained available at the time of reporting.

Related Happenings

Chrome Web Store malicious extensions coordinated campaign using shared C2

Campaign
First: 14.04.2026 23:33 Last: 14.04.2026 23:33 Sources 1

About this happening: A coordinated **Chrome Web Store** extension operation is stealing **Google OAuth2 Bearer tokens**, deploying **backdoors**, and running **ad fraud** across more than **100 malici...

TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns

Threat Actor Meta
First: 31.03.2026 15:15 Last: 31.03.2026 15:15 Sources 1

About this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...

ShieldGuard browser-extension data-harvesting malware

Malware Activity
First: 18.03.2026 16:15 Last: 18.03.2026 16:15 Sources 1

About this happening: A malicious **ShieldGuard** browser extension was dismantled after it was found harvesting sensitive data from **crypto users**, putting wallet and account information at risk. Th...

Fake AI assistant Chrome extension malware activity

Malware Activity
First: 16.02.2026 16:00 Last: 16.02.2026 16:00 Sources 1

About this happening: A cluster of **30 malicious Chrome extensions** posing as **AI assistants** is stealing **email content** and other sensitive data from **Chrome users**, creating a broad browser-...

Atomic MacOS Stealer (AMOS) distribution through AI-app lures, SEO poisoning, and supply-chain abuse

Malware Activity
First: 12.02.2026 16:25 Last: 12.02.2026 16:25 Sources 1

About this happening: **Atomic MacOS Stealer (AMOS)** is being distributed to **macOS users** through multiple delivery paths, including **fraudulent GitHub repositories**, **SEO poisoning**, **malvert...

Timeline

  1. 13.11.2025 15:04 2 articles · 6mo ago

    Researchers disclose malicious Safery: Ethereum Wallet extension

    Initial Disclosure

    Researchers disclosed a malicious Chrome extension named Safery: Ethereum Wallet on the Chrome Web Store that impersonates an Ethereum wallet and exfiltrates users' seed phrases by encoding mnemonics as fake Sui addresses, then broadcasting 0.000001 SUI microtransactions from an attacker-controlled wallet so the seed phrase can be reconstructed and victims' funds drained.
