Bogus Firefox crypto wallet extensions pilfer more than $1M

More than $1 million worth of cryptocurrency has been exfiltrated via over 150 counterfeit crypto wallet extensions on the Mozilla Firefox marketplace as part of the sweeping GreedyBear cybercrime campaign, Hackread reports.

Threat actors behind GreedyBear have employed a three-pronged approach for the campaign, with the first involving the initial upload of clean extensions later inserted with fake positive reviews before being injected with nefarious code using the "extension hollowing" technique, according to findings from Koi Security. Nearly 500 executables on websites with cracked software have also been used by attackers to facilitate credential theft and ransomware deployment, while dozens of bogus websites impersonating cryptocurrency services or wallet repair tools have also been used to lure victims into providing their personal and wallet details, said researchers, who also discovered all of the extensions, executables, and websites to have been associated with the same central server. Users have been warned that the campaign could impact the Edge and Chrome browsers.