based on materials from the site - By BH NEWS
A troubling discovery has emerged regarding more than forty fraudulent extensions impersonating popular cryptocurrency wallet applications, such as Coinbase, MetaMask, and Trust Wallet, which are currently available in the Mozilla Firefox extension store. As detailed in the Koi Security report from July 2, 2025, these impersonating extensions pose a significant threat by secretly collecting users' wallet credentials. Despite activity since April, the campaign is evolving, and new extensions were added just last week. Numerous fake five-star reviews misleadingly boosted their credibility among users.
How do fake extensions work?
These fake extensions use logos and descriptions of well-known cryptocurrency wallet services, creating an appearance of authenticity. By using popular keywords, they quickly gain prominence in search results and increase download speed. After installation, although the interface seems legitimate, hidden scripts extract private keys and recovery phrases, sending them to malicious servers, which poses a significant risk to users.
Are there Russian connections involved?
Security researchers have found Russian-language comments embedded in PDF files and notes in the source code of the extensions, indicating a potential Russian-speaking threat actor. While compelling evidence remains unclear, geographical details such as timestamps and file paths support the likelihood of this theory. Researchers remain cautious, acknowledging that further evidence is needed to confirm these findings.
Since the observed onset in April, more than 60 variations have appeared, with the latest release just last week. To evade detection, these extensions are constantly updated and renamed, maintaining their presence in the store. Some undetected copies are still preserved, prompting Koi Security to recommend that users update extensions only through verified links to websites.
The following specific measures should be considered:
Regular checks and audits of extension repositories to identify and remove malicious extensions.
Training users to verify the authenticity of extensions before installation.
Implementing enhanced scanning processes to detect hidden malicious scripts.
The Mozilla Firefox extension store remains a target for attackers exploiting security vulnerabilities through deceptive practices. As these threats evolve and continue to endanger users, vigilance and heightened awareness of extension authenticity are crucial for protecting digital assets.
$BTC , $XRP , $BNB
#Cryptomarketnews , #TrumpTariffs
Here, our subscribers will learn FIRST about all the most interesting changes in the news agenda of the world of finance and cryptocurrency. Everything in one news feed!!!
Welcome to us! There are enough news for everyone!!! 😉