A security researcher has discovered another 22 Google Chrome web browser extensions built to steal their user’s cryptocurrencies.

Cybersecurity news outlet, Naked Security, reported on May 8 that Harry Denley, a security researcher specializing in cryptocurrencies, discovered 22 more malicious Google Chrome extensions. The extensions he discovered impersonated well-known crypto firms like Ledger, KeepKey, MetaMask, and Jaxx. Their purpose is to trick users into giving away the credentials needed to access their wallets.

Most of the phishing extensions have already been taken down as of press time.  Per the report, most were down within 24 hours of Denley reporting them. CryptoNewspeople reached out to Harry Denley, but the researcher has not returned our inquiry by press time.

Google Chrome extensions are often used for phishing

Google Chrome’s extensions store appears to be a major area of focus for cybercriminals looking to steal cryptocurrencies. At the end of April, Google managers changed the rules governing the publication of Chrome extensions in an attempt to make it more difficult for scammers to spread malicious code.

As CryptoNewspeople reported in mid-April, Google removed 49 phishing Chrome web browser extensions after reports of malicious activity. In early March, leading cryptocurrency hardware wallet producer, Ledger, warned its users about the phishing extensions on the store.

Late April reports suggest that Google still has to address the broader issue of phishing campaigns which utilize its platforms. A report suggests that the firm’s advertisement platform, Google Ads, was used to attract victims to the phishing clone of a cryptocurrency exchange. Meanwhile, blockchain firm Ripple Labs filed a lawsuit against Youtube, seeking damages after crypto scammers impersonated them on the platform.