Everscale cryptowallet flaw could prompt fund exfiltration

Cybercriminals could exploit a security flaw in a web version of Everscale's Ever Surf cryptocurrency wallet to obtain complete control of targets' cryptowallets, according to The Hacker News. Check Point researchers noted that abusing the vulnerability would enable attackers to conduct private key decryption and seed local browser storage-stored phrases, allowing full cryptowallet control. Malicious browser add-ons and infostealer malware could be leveraged by attackers to access unencrypted local storage data. Everscale has already introduced a new desktop app that addresses the vulnerability. "When working with cryptocurrencies, you always need to be careful, ensure your device is free of malware, do not open suspicious links, keep OS and anti-virus software updated. Despite the fact that the vulnerability we found has been patched in the new desktop version of the Ever Surf wallet, users may encounter other threats such as vulnerabilities in decentralized applications, or general threats like fraud, [and] phishing," said Alexander Chailytko of Check Point.