Wave of 150 crypto-draining extensions hits Firefox add-on store
What’s new: A malicious campaign named ‘GreedyBear’ has infiltrated the Mozilla Firefox add-on store, distributing 150 crypto-draining extensions that have stolen approximately $1,000,000 from users. These extensions impersonate legitimate cryptocurrency wallet tools and initially appear benign before being modified to include malicious code that captures wallet credentials and IP addresses.
Who’s affected
Firefox users who have installed the compromised extensions are at risk of having their cryptocurrency wallets drained. The extensions mimic well-known wallets like MetaMask and TronLink, making them particularly deceptive.
What to do
- Remove any suspicious extensions from Firefox immediately.
- Verify the legitimacy of wallet extensions by checking official project websites.
- Read multiple user reviews and check extension details before installation.
