A Russian Hacking Group Is Using Fake Versions of MetaMask to Steal $1M in Crypto
Main Idea
A cybercrime group named GreedyBear has used 150 weaponized Firefox extensions, nearly 500 malicious executables, and phishing websites to steal over $1 million in cryptocurrency over the past five years.
Key Points
1. GreedyBear employs fake versions of popular crypto wallets like MetaMask, Exodus, Rabby Wallet, and TronLink to steal cryptocurrency.
2. The group uses a technique dubbed 'Extension Hollowing' to get past marketplace review: it first publishes harmless versions of its extensions, then pushes updates that replace them with malicious code once they are listed.
3. The Firefox extension campaign primarily targets global and English-speaking victims, while malicious executables focus on Russian-speaking victims.
4. Koi Security's research indicates GreedyBear operates with centralized control, suggesting organized cybercrime rather than state-sponsored activity.
5. The group has also created fake hardware wallet websites to steal payment information from victims.
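The 'Extension Hollowing' pattern in point 2 is detectable from the defender's side: a benign listing that later updates into something that wants far broader access. The script below is an added example written for this page, not code from Koi Security or from the article, and it uses constructed snapshots rather than real extensions. It compares two snapshots of an installed-extension inventory (the record shape, with id/name/version/permissions/updateURL fields, is an assumed simplification of Firefox's extensions.json) and flags any extension whose update gained sensitive permissions or switched its update URL while keeping the same ID, which is exactly the bait-and-switch the key point describes.

```python
"""Flag Firefox extension updates that fit the 'extension hollowing' pattern.

Added example for this page; not code from the Koi Security report or the
article. Snapshots below are constructed sample data, not real extensions.
"""
from __future__ import annotations

from dataclasses import dataclass

# Permissions whose sudden appearance in an update deserves a human look:
# they let an extension read every page (wallet UIs included), intercept
# requests, or read the clipboard where seed phrases are often pasted.
SENSITIVE = {
    "<all_urls>", "*://*/*", "webRequest", "webRequestBlocking",
    "clipboardRead", "nativeMessaging", "tabs", "cookies",
}


@dataclass(frozen=True)
class Extension:
    ext_id: str
    name: str
    version: str
    permissions: frozenset[str]
    update_url: str


def load_snapshot(records: list[dict]) -> dict[str, Extension]:
    """Build an id -> Extension map from plain dicts.

    The record layout (id, name, version, permissions, updateURL) is an
    assumed simplification; a real tool would parse extensions.json.
    """
    snapshot: dict[str, Extension] = {}
    for r in records:
        snapshot[r["id"]] = Extension(
            ext_id=r["id"],
            name=r["name"],
            version=r["version"],
            permissions=frozenset(r.get("permissions", [])),
            update_url=r.get("updateURL", ""),
        )
    return snapshot


def hollowing_findings(before: dict[str, Extension],
                       after: dict[str, Extension]) -> list[dict]:
    """Return findings for extensions that updated in place and grew riskier."""
    findings = []
    for ext_id, new in after.items():
        old = before.get(ext_id)
        if old is None or old.version == new.version:
            continue  # fresh install or no update: not the hollowing pattern
        reasons = []
        risky = sorted((new.permissions - old.permissions) & SENSITIVE)
        if risky:
            reasons.append("update added sensitive permissions: " + ", ".join(risky))
        if old.update_url != new.update_url:
            reasons.append(f"update URL changed: {old.update_url!r} -> {new.update_url!r}")
        if old.name != new.name:
            reasons.append(f"name changed: {old.name!r} -> {new.name!r}")
        if reasons:
            findings.append({"id": ext_id, "name": new.name,
                             "from": old.version, "to": new.version,
                             "reasons": reasons})
    return findings


# Constructed sample inventory taken "before" and "after" an update cycle.
BEFORE = [
    {"id": "wallet-helper@example.test", "name": "Wallet Helper",
     "version": "1.0.0", "permissions": ["storage"]},
    {"id": "dark-theme@example.test", "name": "Dark Theme",
     "version": "2.0.0", "permissions": ["theme"]},
    {"id": "notes@example.test", "name": "Quick Notes",
     "version": "3.2.1", "permissions": ["storage"]},
]
AFTER = [
    # Same ID and name, but the update now wants every page, request
    # interception, the clipboard, and a self-hosted update channel.
    {"id": "wallet-helper@example.test", "name": "Wallet Helper",
     "version": "1.4.0",
     "permissions": ["storage", "<all_urls>", "webRequest", "clipboardRead"],
     "updateURL": "https://updates.example.test/wallet.json"},
    # Benign update: new version, no new permissions.
    {"id": "dark-theme@example.test", "name": "Dark Theme",
     "version": "2.1.0", "permissions": ["theme"]},
    {"id": "notes@example.test", "name": "Quick Notes",
     "version": "3.2.1", "permissions": ["storage"]},
]


def demo() -> list[dict]:
    return hollowing_findings(load_snapshot(BEFORE), load_snapshot(AFTER))


if __name__ == "__main__":
    for f in demo():
        print(f"{f['name']} ({f['id']}) {f['from']} -> {f['to']}")
        for reason in f["reasons"]:
            print("  -", reason)
```

Only the extension that updated in place and gained `<all_urls>`, `webRequest` and `clipboardRead` is reported; the theme update is ignored because its permission set did not change. In practice the "before" snapshot comes from a periodic inventory job, so the check catches the swap even when the store listing itself still looks clean.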
Description
Russian hacking group GreedyBear has scaled up operations, using 150 “weaponized Firefox extensions” to target victims and steal crypto.