According to Denley's tweet, the wallet is using Chrome in order to target Binance, My Ether Wallet and several other popular websites. The Shitcoin Wallet is stealing the user passwords and private keys in order to take cryptocurrency from their accounts.
If the code finds them, it collects the data put into the windows. The information is sent to a remote server. The server has a top-level domain address from a South Pacific island that is part of New Zealand.
The theft of user data by Shitcoin Wallet is similar to some other recent incidents. Apple threatened to delist Coinbase's mobile DApp browser. Google removed the ETH wallet app Meta Mask from the Google Play App store in late December 2019. Both of those moves were controversial because there was not a lot of evidence behind them.
A lot of crypto theft extensions were found in the Google chrome online store in 2019. According to MacAfee labs, cryptojacking has been on the rise by about 29 percent in the first quarter of 2019.