A cybercriminal campaign named "GreedyBear" has infiltrated the Mozilla add-ons store, targeting Firefox users with malicious wallet extensions to steal funds and credentials. This operation uses AI-generated code and links to a network of malware distribution websites, demonstrating evolving tactics in browser-based threats. #GreedyBear #FirefoxExtensions
Keypoints
- GreedyBear targets cryptocurrency wallets through fake browser extensions on Firefox.
- The malicious extensions initially appear legitimate and attract positive reviews before turning malicious.
- The campaign employs AI-generated code to rapidly scale and evade detection.
- Extensions steal wallet credentials and IP addresses via embedded keylogger code.
- The operation relies on a command-and-control server and threatens to expand to the Chrome Web Store.