A recent report by Koi Security has exposed a massive ongoing cyberattack campaign targeting cryptocurrency users via fake Firefox browser extensions.

More than 40 bogus Firefox extensions have been uploaded to the Mozilla Add-ons Store.

These malicious extensions impersonate widely used wallets, such as MetaMask, Keplr Coinbase Wallet, using the same logos, names, and cloned codebases from the real wallets. All of this, of course, comes with spyware code hidden inside innocuous-looking files. 

They are meant to steal wallet credentials (like seed phrases or private keys) of the victims as well as capture users’ IP addresses. The stolen data gets sent to attacker-controlled servers.

In order to gain more legitimacy, the malicious actors posted a slew of fake 5-star reviews. These are mostly extremely generic reviews written with the help of artificial intelligence (AI) or human-written reviews copied from legitimate extensions. 

Why proper vetting is necessary  

Such attacks will likely remain highly effective and dangerous until Firefox manages to improve detection and code review to prevent fraudsters from taking advantage of some gullible users.    

In response to the incident, cybersecurity firm SlowMist has advised users not to rely solely on ratings or branding. Instead, they are supposed to verify the publisher's identity.

The firm has stressed that such extensions have to be treated as full-fledged software, and there should be proper vetting.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。