The GreedyBear hacking group has escalated its malicious activities, utilizing weaponized Firefox browser extensions to compromise users and steal more than $1 million in cryptocurrency.
GreedyBear employs a sophisticated technique known as ‘Extension Hollowing.’ This method involves modifying legitimate browser extensions, turning them into tools that covertly steal cryptocurrency from unsuspecting victims.
Security researchers report the group has deployed approximately 150 of these malicious extensions. The attacks have inflicted financial losses exceeding $1 million. Victimology analysis indicates targets include both global users, whose losses have been publicly disclosed, and Russian-speaking users, for whom the extent of losses remains undisclosed.
Users of browser-based crypto wallets are strongly advised to remain vigilant. Recommendations include immediately removing any suspicious or unnecessary browser extensions and changing wallet credentials if compromise is suspected.
To avoid malicious software, experts suggest verifying the legitimacy of crypto wallet tools by carefully checking authentic user reviews and ratings before installation.
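To support the extension review recommended above, the following added example (not part of the original report) lists the user-installed add-ons recorded in a Firefox profile's `extensions.json` and puts wallet-themed or all-site-access extensions at the top for a closer look. The field names follow that file's usual layout and are an assumption here; the keyword list and the sample data are constructed.

```python
import json

# Constructed sample shaped like the extensions.json file in a Firefox profile.
# Field names are assumed from that file's usual layout; ids and names are made up.
SAMPLE = json.dumps({"addons": [
    {"id": "notes@example.invalid", "type": "extension", "location": "app-profile",
     "active": True, "version": "1.2", "defaultLocale": {"name": "Quick Notes"},
     "userPermissions": {"permissions": ["storage"], "origins": []}},
    {"id": "wallet-helper@example.invalid", "type": "extension",
     "location": "app-profile", "active": True, "version": "3.0",
     "defaultLocale": {"name": "Example Wallet Helper"},
     "userPermissions": {"permissions": ["storage", "tabs"],
                         "origins": ["<all_urls>"]}},
    {"id": "builtin@example.invalid", "type": "extension", "location": "app-builtin",
     "active": True, "version": "1.0", "defaultLocale": {"name": "Built-in"},
     "userPermissions": None},
]})

# Host patterns that grant access to every site.
BROAD_ORIGINS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Assumed keyword list, used only to prioritise manual review.
WALLET_HINTS = ("wallet", "crypto", "coin")


def review_extensions(text):
    """Return user-installed extensions, the most review-worthy first."""
    rows = []
    for addon in json.loads(text).get("addons", []):
        # Skip themes, dictionaries and add-ons shipped with the browser.
        if addon.get("type") != "extension" or addon.get("location") != "app-profile":
            continue
        name = (addon.get("defaultLocale") or {}).get("name") or addon.get("id", "?")
        perms = addon.get("userPermissions") or {}
        flags = []
        if any(hint in name.lower() for hint in WALLET_HINTS):
            flags.append("wallet-themed: confirm it is the publisher's real listing")
        if BROAD_ORIGINS & set(perms.get("origins") or []):
            flags.append("can read and change data on every site")
        rows.append({"id": addon.get("id"), "name": name,
                     "version": addon.get("version"),
                     "active": bool(addon.get("active")), "flags": flags})
    # sorted() is stable, so equally flagged entries keep their file order.
    return sorted(rows, key=lambda row: -len(row["flags"]))


if __name__ == "__main__":
    for row in review_extensions(SAMPLE):
        print(row["name"], row["version"], "; ".join(row["flags"]) or "no flags")
```

A flag marks an extension for manual review, not as malicious; to check a real profile, pass the contents of its `extensions.json` to `review_extensions` instead of `SAMPLE`.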