Firefox Users Targeted by Crypto Wallet Phishing Extensions
A recent cybersecurity report reveals a sophisticated phishing campaign using fake Firefox extensions to steal credentials from popular crypto wallets like Coinbase, MetaMask, and Trust Wallet.
How the Attack Works
Since April, attackers have distributed over 40 malicious extensions. These clones of legitimate wallet tools contain hidden code that steals login details and sends them to remote servers.
Deceptive Tactics
The fake extensions use authentic-looking branding, functionality, and even fake five-star reviews to appear legitimate. This makes them difficult to distinguish from genuine wallet tools.
Attribution Clues
Cybersecurity firm Koi Security found Russian-language code comments and server metadata, suggesting possible Russian-speaking involvement in the campaign.
Protection Recommendations
Users should:
- Only install extensions from verified publishers
- Monitor extensions for unusual behavior
- Use allowlists for added security
Key Facts
- 40+ malicious Firefox extensions identified
- Targets multiple crypto wallet services
- Active since April 2023
- Uses sophisticated spoofing techniques
