
SlowMist|Jul 03, 2025 03:10
🚨SlowMist TI Alert🚨
A massive malicious campaign involving dozens of fake #Firefox extensions designed to steal cryptocurrency wallet credentials is underway. Over 40 fake extensions impersonating trusted #wallets like MetaMask, Coinbase Wallet, Trust Wallet, Phantom, OKX, Keplr, and more are actively stealing wallet credentials. The campaign has been active since at least April 2025.
📌These extensions:
🔹Clone real codebases and insert malicious logic
🔹Extract wallet credentials and exfiltrate to attacker-controlled servers (including IPs)
🔹Mimic branding/logos to trick users
🔹Inflate reviews to appear legitimate
⚠️Some of these are still live on the Firefox Add-ons store as of this week. Likely linked to a Russian-speaking threat actor, based on code comments and infrastructure metadata.🎯
🔒Recommendations:
🔹Don’t rely solely on ratings or branding — verify publisher identity
🔹Treat browser extensions as full software, with proper vetting
🔹Use an allowlist for approved extensions
🔹Continuously monitor extension behavior — they can auto-update silently
Stay vigilant!🛡️
(Source🔗: https://blog.koi.security/foxywallet-40-malicious-firefox-extensions-exposed-4c14419de486)
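One way to act on the allowlist and monitoring recommendations above, as an added example that is not code from SlowMist or Koi Security: it audits a Firefox profile's `extensions.json` against an allowlist and builds the matching `ExtensionSettings` policy for `policies.json`. The add-on IDs and the sample data are constructed placeholders, and the `extensions.json` field names used (`addons`, `id`, `type`, `active`, `location`, `defaultLocale.name`) are an assumption about the profile file layout.

```python
import json

# Wallet brands named in the alert; used to flag lookalike names.
WALLET_BRANDS = ("metamask", "coinbase wallet", "trust wallet", "phantom", "okx", "keplr")

# Constructed allowlist: placeholder add-on IDs, replace with the IDs you have vetted.
ALLOWLIST = {"approved-wallet@example.invalid", "approved-adblock@example.invalid"}

# Constructed sample in the assumed shape of a profile's extensions.json.
SAMPLE_EXTENSIONS_JSON = json.dumps({"addons": [
    {"id": "approved-wallet@example.invalid", "type": "extension", "active": True,
     "location": "app-profile", "defaultLocale": {"name": "MetaMask"}},
    {"id": "{00000000-0000-0000-0000-000000000001}", "type": "extension", "active": True,
     "location": "app-profile", "defaultLocale": {"name": "MetaMask Wallet"}},
    {"id": "notes@example.invalid", "type": "extension", "active": False,
     "location": "app-profile", "defaultLocale": {"name": "Quick Notes"}},
    {"id": "default-theme@mozilla.org", "type": "theme", "active": True,
     "location": "app-builtin", "defaultLocale": {"name": "System theme"}},
]})

def audit_extensions(extensions_json, allowlist):
    """Return findings for installed extensions that are not on the allowlist."""
    findings = []
    for addon in json.loads(extensions_json).get("addons", []):
        # Skip themes and add-ons shipped with the browser (assumed location values).
        if addon.get("type") != "extension":
            continue
        if addon.get("location") in ("app-builtin", "app-system-defaults"):
            continue
        if addon.get("id") in allowlist:
            continue
        name = (addon.get("defaultLocale") or {}).get("name", "")
        findings.append({
            "id": addon.get("id"),
            "name": name,
            "active": bool(addon.get("active")),
            # A wallet brand in an unapproved add-on's name is the pattern the alert describes.
            "wallet_lookalike": any(b in name.lower() for b in WALLET_BRANDS),
        })
    # Lookalikes first, then active before disabled.
    return sorted(findings, key=lambda f: (not f["wallet_lookalike"], not f["active"]))

def build_policy(allowlist):
    """Build a policies.json body that blocks every add-on except the allowlist."""
    settings = {"*": {"installation_mode": "blocked"}}
    settings.update({i: {"installation_mode": "allowed"} for i in sorted(allowlist)})
    return {"policies": {"ExtensionSettings": settings}}

if __name__ == "__main__":
    print(json.dumps({"findings": audit_extensions(SAMPLE_EXTENSIONS_JSON, ALLOWLIST),
                      "policy": build_policy(ALLOWLIST)}, indent=2))
```

Matching on add-on ID rather than display name is what makes the allowlist hold up against cloned branding. Rerunning the audit on a schedule catches add-ons installed before the policy was applied.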