A recent report by KOI Security has published a massive, continuous cyberattack campaign targeting cryptocurrency users via fake Firefox browser extensions.
Over 40 fake Firefox extensions have been uploaded to the Mozilla add-on store.
These malicious extensions use the same logo, name and cloned codebase from the real wallet, impersonating widely used wallets, such as MetaMask, KEPLR Coinbase Wallet. Of course, all of this comes with spyware code hidden inside harmless files.
The purpose is to steal victims’ wallet qualifications (such as seed phrases and private keys) and capture the user’s IP address. Stolen data is sent to an attacker-controlled server.
To gain more legitimacy, the malicious actors have posted many fake five-star reviews. These are very common reviews written with the help of human-written reviews, mainly copied from artificial intelligence (AI) or legitimate extensions.
Why appropriate review is required
Such attacks can remain extremely effective and dangerous until Firefox succeeds in improving detection and code reviews so that scammers do not take advantage of scammers.
In response to the incident, cybersecurity company Slow Mist has it advice Users should not rely solely on ratings and branding. Instead, they are supposed to verify the identity of the publisher.
The company emphasizes that such extensions must be treated as full-scale software and requires proper review.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
