A recent report by Koi Security has exposed a massive ongoing cyberattack campaign targeting cryptocurrency users via fake Firefox browser extensions.
More than 40 bogus Firefox extensions have been uploaded to the Mozilla Add-ons Store.
These malicious extensions impersonate widely used wallets, such as MetaMask, Keplr, and Coinbase Wallet, using the same logos, names, and cloned codebases from the real wallets. The clones, of course, come with spyware code.
They are designed to steal victims’ wallet credentials (such as seed phrases or private keys) and to capture users’ IP addresses. The stolen data is sent to attacker-controlled servers.
To appear more legitimate, the malicious actors posted a slew of fake 5-star reviews.
In response to the incident, cybersecurity firm SlowMist has advised users not to rely solely on ratings or branding. Instead, users should verify the publisher’s identity.