Caution for Crypto Wallet Users: Beware of Rogue Browser Extensions
Attention, cryptocurrency wallet users: cybercriminals are deploying harmful browser extensions designed to hijack your login information. A recent investigation revealed that an extensive campaign targeting Firefox featured around 150 deceptive extensions, facilitating attackers in siphoning off approximately one million dollars from unwitting victims.
This fraudulent operation, named “GreedyBear” by Koi Security, infiltrated the Firefox add-ons store, posing as legitimate cryptocurrency wallet extensions. As highlighted in a report by Bleeping Computer, these malicious add-ons have been purged from the platform by Mozilla. However, the potential for similar schemes to target more individuals remains high. In fact, researchers have indicated a looming expansion of GreedyBear onto the Chrome Web Store, via a fraudulent extension named Filecoin Wallet.
The Spread of Crypto-Stealing Malware through Firefox
According to Bleeping Computer, the crypto-stealing extensions that appeared in Firefox initially seemed harmless but later evolved into perilous malware, capable of emptying user accounts.
Cybercriminals initially introduced benign utility extensions masquerading as well-known wallets like MetaMask, TronLink, and Rabby, garnering fake positive feedback to appear credible. Over time, they altered the extensions, modifying names and logos while infusing them with harmful code that transformed them into keyloggers, recording user inputs and transmitting them to the attackers’ servers. The compromised extensions were also designed to log the external IP addresses of victims.
Safeguarding Your Crypto Wallet Against Malware
Merely because an extension has received approval from Mozilla or Google and is listed in the official add-on stores does not imply it is inherently safe. Prior to installing any new extension, scrutinize user reviews (beyond just star ratings) and examine both the version history and other projects from the developer for any red flags.
For added security concerning cryptocurrency wallets, a more reliable approach than browsing the add-on stores is to head directly to the official website of the project, which will provide links to the authentic extension.
