On April 29, 2020 on Rocket Chat, a pro-Islamic State [ISIS] group posted a link to a Hacker News website, which reported that 49 Google Chrome browser extensions which had been billing themselves as cryptocurrency wallets were found to contain malicious code and were phishing sensitive user information. According to the article, the browser add-ons were "potentially the work of Russian threat actors" and began to appear on the Google web store as early as February 2020. "All the extensions functioned alike," stated the article, "the only difference being the cryptocurrency wallet brands that were impacted - such as Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey — via 14 unique command-and-control (C2) servers that received the phished data." The extensions were removed 24 hours after being reported to Google.
 Thehackernews.com/2020/04/chrome-cryptocurrency-extensions, April 15, 2020.