If You Have Crypto and Use Firefox, Hackers are Targeting You
2025-07-05 10:52:04

Main Idea
Koi Security uncovered a large-scale malicious campaign involving over 40 fake crypto wallet extensions, posing significant risks to users' assets, with evidence suggesting Russian-speaking threat actors may be behind it.
Key Points
1. Over 40 malicious extensions impersonate popular crypto wallets like Coinbase, MetaMask, Trust Wallet, and others, redirecting users to attacker-controlled servers.
2. The campaign has been active since at least April 2025, with new fraudulent uploads appearing in the Mozilla Add-ons ecosystem.
3. Koi Security found Russian-language notes in the extensions' code and metadata, indicating possible Russian-speaking operatives.
4. The firm is collaborating with Mozilla to remove the malicious extensions and urged Firefox users to review installed add-ons.
5. This follows a previous report by SlowMist linking similar malware activity to Russian-speaking attackers who drained wallets and converted stolen assets into ETH.
Description
Cybersecurity firm Koi Security has uncovered a large-scale malicious campaign targeting cryptocurrency users through fake Firefox extensions. The campaign involves more than 40 extensions impersonating widely used crypto wallet tools. These include Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox. Once installed, these extensions silently steal wallet credentials and exfiltrate them to attacker-controlled servers, placing user as...