Over 40 fake cryptocurrency wallet extensions impersonating reputable providers are found in Firefox’s official add-ons store, stealing sensitive data and seed phrases. The campaign is linked to a Russian-speaking threat group that continuously adds new malicious extensions, despite Mozilla’s early detection efforts. #MetaMask #Phantom #CryptocurrencyTheft
Keypoints
- Over 40 fake wallet extensions impersonate popular crypto wallets in Firefox’s add-ons store.
- The malicious extensions contain code to steal wallet credentials and seed phrases, sending data to attackers’ servers.
- A Russian-speaking threat group is behind the campaign, continuously adding new malicious extensions.
- Fake reviews are used to build trust, making users more likely to install the malware-infested extensions.
- Mozilla has an early detection system, but the fake extensions still remain available in the store.