According to cybersecurity company Koi Security, a malicious operation stole over $1 million in cryptocurrency through hundreds of browser extensions, websites, and malware.
Koi Security researcher Tuval Admoni stated that the gang has been named 'GreedyBear', with their cryptocurrency theft reaching 'industrial scale'.
Admoni stated that, unlike many gangs that focus on a single attack method, GreedyBear uses three methods simultaneously (browser extensions, malware, and fraudulent websites) and has achieved great success.
Over 150 counterfeit cryptocurrency wallet extensions
It is reported that the gang stole over $1 million through more than 650 malicious tools targeting cryptocurrency wallet users. They published over 150 malicious extensions in the Firefox browser extension marketplace, each impersonating a popular cryptocurrency wallet such as MetaMask, TronLink, or Exodus.
The actors used a technique called 'extension hollowing': they first published legitimate extensions to pass marketplace checks, then converted them into malicious ones that capture the wallet credentials users enter into fake wallet interfaces.
Deddy Lavid, CEO of Cyvers, pointed out that these attacks demonstrate how cybercriminals exploit user trust in browser extension stores to carry out their attacks.
Cryptocurrency-themed malware
Another attack method used by the gang focuses on cryptocurrency-themed malware, with Koi Security identifying nearly 500 samples. Credential-stealing software like LummaStealer specifically targets cryptocurrency wallet information, while Luca Stealer demands cryptocurrency payments.
Fraudulent website network
The third type of attack is a network of fake websites disguised as cryptocurrency products and services. These sites resemble pages for digital wallets, hardware devices, or wallet repair services.
The entire operation relies on a server for control and coordination and scales up rapidly through AI-generated code, showcasing a new evolution in cryptocurrency cybercrime.
Admoni warns that this is not a fleeting trend, but a new norm.