SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Thursday, May 22nd 2025: Crypto Confidence Scams; Extension Mayhem for VS Code and Chrome
May 22, 2025
Scammers are exploiting trust with a new variant of crypto confidence scams, luring victims into pricey VIP memberships under false pretenses. The danger extends to browser security, as malicious Chrome extensions impersonate reputable services to steal sensitive information. Developers aren't safe either; malicious Visual Studio Code extensions target them specifically to exfiltrate secrets. This episode covers the evolving landscape of online threats, highlighting the need for vigilance against cunning tactics.
AI Snips
Chapters
Transcript
Episode notes
Crypto Confidence Scam Evolution
- Johannes Ulrich shared a scam where users are given login credentials to crypto accounts but must pay for expensive VIP membership to withdraw money.
- The scam tricks victims by promising access to funds but actually requires investing hundreds or thousands to get minimal or no returns.
Limit Chrome Extensions for Safety
- Limit the number of Chrome extensions you install to protect your browser data.
- Malicious extensions often masquerade as VPNs or crypto tools but steal all your data.
Beware Malicious VS Code Extensions
- Be cautious installing Visual Studio Code extensions, especially those targeting crypto developers.
- Malicious extensions can exfiltrate all your code and secrets, posing serious security risks.