MetaMask Briefly Dropped From Chrome, Phishing Malware Takes Its Place

MetaMask, a popular web plugin that functions as an Ethereum wallet and allows users to run dApps in their browser, was briefly removed from Google Chrome’s web store today.

Users speculated that the removal was related to Google’s ban on extensions that can be used for mining. Malware-based mining and cryptojacking are indeed frequent problems. As such, Google’s restrictions have gotten increasingly strict in recent months.

According to CoinDesk,

“Google previously permitted Chrome mining extensions as long as they were solely dedicated to mining and explicitly informed users of their purpose. But that policy wasn’t enough to deter or keep out noncompliant add-ons.”

Although MetaMask is not intended as a mining tool and is not typically used as such, mining dApps such as CryptoGems and Rigwars do exist and can be run on MetaMask. MetaMask’s flexibility may be why it was targeted: other wallets, including Jaxx, ArcBit, and KryptoKit wallets remained in the store.

On Twitter, the event prompted the MetaMask team to endorse the crypto-friendly Brave browser as an alternative, which offers MetaMask as a built-in feature. In addition to integrating Ethereum dApps via MetaMask, the Brave browser will use Basic Attention Tokens to compensate users and advertisers.

The MetaMask team managed to get the app relisted this afternoon and will offer a “retrospective” on Twitter. During the downtime, MetaMask continued to work for users who had previously installed it, and even if Google had decided to permanently delist the plugin, MetaMask would still have been available on GitHub.

Most troubling, however, is the fact that during the brief window that MetaMask was offline, a phishing app imitating MetaMask that may have stolen private information or keys was up on the web store. It is not yet clear if the fake app was posted opportunistically or if it had been uploaded earlier. If it’s the former, Google’s ban brought about the very problem it was trying to prevent. If it’s the latter, that means Google removed a legitimate app while overlooking actual malware.

The post MetaMask Briefly Dropped From Chrome, Phishing Malware Takes Its Place appeared first on UNHASHED.