Altcoin Investors Face Fresh Threat as Cyber Criminals Unleash Innovative Exploitation Technique

Hacking incidents in the cryptocurrency market are increasing day by day instead of decreasing. The latest warning comes for Tron (TRX).

Cryptocurrency security company SlowMist stated in a press release that hackers targeted TRON. SlowMist has issued a security alert stating that a high-risk phishing activity targeting TRON wallet users has been detected.

According to SlowMist, attackers created a fake Chrome extension mimicking the official TronLink wallet. To deceive users, they used Unicode bidirectional control characters and similar Cyrillic letters to spoof the extension’s name. The malicious extension listed in the Chrome Web Store has a name almost identical to the real TronLink. Attackers are using the high download numbers and positive reviews of the legitimate version to lure ordinary users, making it nearly impossible for victims to detect the malicious behavior.

After installation, the extension uploads a complete phishing page via a remote server, creating a credential theft chain.

The remote phishing page perfectly replicates the official TronLink web wallet interface, stealing private keys, keystore files, and passwords when victims log into their TRON wallet. This information is then transmitted to the attackers in real-time via a Telegram bot.

SlowMist concludes by recommending the following steps for TRON wallet users: “1. Immediately check and remove any suspicious extensions from unknown sources. 2. Clear your browser’s local storage data. 3. Be aware of unusual network requests. If your wallet information has been accidentally leaked, immediately create a new wallet and move all your assets to a secure address.” *This is not investment advice.