A Russian Hacking Group Is Using Fake Versions of MetaMask to Steal $1M in Crypto

Main Idea
A cybercrime group named GreedyBear has used 150 weaponized Firefox extensions, nearly 500 malicious executables, and phishing websites to steal over $1 million in cryptocurrency over the past five years.
Key Points
1. GreedyBear employs fake versions of popular crypto wallets like MetaMask, Exodus, Rabby Wallet, and TronLink to steal cryptocurrency.
2. The group uses 'Extension Hollowing' to bypass security measures by initially uploading non-malicious versions of extensions before replacing them with malicious ones.
3. The Firefox extension campaign primarily targets global and English-speaking victims, while malicious executables focus on Russian-speaking victims.
4. Koi Security's research indicates GreedyBear operates with centralized control, suggesting organized cybercrime rather than state-sponsored activity.
5. The group has also created fake hardware wallet websites to steal payment information from victims.
Description
Russian hacking group GreedyBear has scaled up operations, using 150 “weaponized Firefox extensions” to target victims and steal crypto.