Firefox store littered with crypto-pilfering extensions

Suspected Russian-speaking hackers have uploaded more than 40 counterfeit extensions spoofing widely used cryptocurrency wallets to Mozilla Firefox's Add-Ons store in an effort to compromise cryptocurrency assets and sensitive data as part of a campaign that has been underway since April, BleepingComputer reports.

Many of the fake extensions were trojanized open-source versions of cryptocurrency wallets that contain code facilitating the exfiltration of wallet keys and seed phrases, which could be leveraged for subsequent cryptocurrency asset draining activities, a Koi Security analysis revealed. Researchers also noted attackers' usage of legitimate logos and fraudulent five-star reviews for the malicious extensions, which have been continuously added to the Firefox store. Mozilla has acknowledged Koi Security's findings. "Through improved tooling and process, we have taken steps to identify and take down such add-ons quickly. We recently published a blog post covering this threat and how we are addressing it to continue to protect Firefox users," said a Mozilla spokesperson in a statement.