According to Deep Tide TechFlow news on July 2, BleepingComputer reported that more than 40 malicious extensions impersonating well-known cryptocurrency wallets were found in the official Firefox extension store, including fake versions of Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, and MyMonero.

Koi Security's research found that these malicious extensions monitor user input, steal wallet mnemonics and private keys, and transmit the data to attacker-controlled servers. Many of the extensions are clones of legitimate open-source wallets with malicious code added. The attackers establish trust by using real brand logos and a large number of fake five-star reviews.