The GreedyBear scam gang has expanded its cryptocurrency theft activities to an industrial scale
According to reports from Hash World, cybersecurity company Koi Security has revealed that a hacker organization named GreedyBear has stolen approximately $1 million worth of cryptocurrency through a three-pronged attack method. The organization combined browser extensions, malware, and fraudulent websites into a single campaign, deploying around 650 malicious tools.

Technical details indicate that the attackers released over 150 malicious extensions in the Firefox store that impersonate popular wallets such as MetaMask, using an 'extension draining' technique in which the malicious code is implanted only after the extension has passed review. Additionally, nearly 1,500 samples of cryptocurrency-themed malware were distributed, primarily through Russian pirated-software websites. Furthermore, a network of professional-looking fraudulent websites impersonating hardware wallets and other products was established. All attacks are centrally controlled from a single server IP address, and parts of the code suggest that AI-generated code was used to iterate quickly.

Cybersecurity experts warn that this marks a new, industrialized phase of cryptocurrency cybercrime and call on application stores to strengthen their review processes.