The GreedyBear hacker group has stolen over 1 million USD in cryptocurrency through a three-pronged attack combining browser extensions, malware, and phishing websites.
The attack campaign uses over 650 malicious tools, with sophisticated techniques like 'extension hollowing' to bypass scrutiny, while deploying a network of fraudulent websites and diverse cryptocurrency-themed malware.
MAIN CONTENT
GreedyBear deployed 150 malicious extensions disguised as MetaMask wallets, with the 'extension hollowing' technique helping to bypass scrutiny.
Distributed around 500 cryptocurrency-themed malware through pirated software sites in Russia.
The attack is centrally controlled by a single IP, using AI-generated source code created quickly.
How did the GreedyBear group carry out the attack?
The GreedyBear hacker group is conducting its campaign through three main attack vectors: browser extensions, malware, and phishing websites, aimed at stealing cryptocurrency.
They distributed over 150 malicious extensions on the Firefox store, masquerading as the popular MetaMask wallet using the 'extension hollowing' technique to help the fake extensions pass initial review before injecting malware into users.
Simultaneously, the group also distributed nearly 500 cryptocurrency-related malware, primarily on pirated software release sites in Russia, while building a network of fake websites impersonating hardware wallets and related products to defraud.
Why is this campaign considered a step forward in cryptocurrency crime?
The attack demonstrates industrialization by using a single IP for the entire system, coordinating multiple malicious tools, and rapidly expanding thanks to AI support in code generation.
This shows the increasing sophistication and rapid development of cryptocurrency crime, forcing app stores to improve their scrutiny mechanisms to timely prevent threats.
'Insufficient scrutiny allows malware to bypass the extension store, this is a sign of a new emerging digital crime industry.'
Cybersecurity expert, Koi Security, 8/2023
What makes the technique of 'extension hollowing' dangerous?
'Extension hollowing' is a technique that allows attackers to upload extensions that initially contain no malware but later stealthily inject malware when granted access.
This technique helps bypass extension store scrutiny and easily attacks users if the permission prompt is overlooked or users lack vigilance.
What should stakeholders do to prevent similar attacks?
App stores need to enhance their automated scrutiny systems and conduct deeper source code reviews, collaborating with security experts to detect sophisticated malicious behaviors.
Users are advised to only install extensions and software from trusted sources, carefully check the permissions of extensions, and use multi-layer protection for cryptocurrency wallets.
Frequently Asked Questions
What is malicious browser extension?
These are extensions created or modified by bad actors containing malware, aimed at stealing data or controlling user devices.
How to identify fake cryptocurrency wallets online?
Phishing wallets often have interfaces similar to real wallets but are distributed from unofficial websites or show signs of phishing such as different URLs or requests for private keys.
How can users protect themselves from such malware?
One should install antivirus software, update the system, download extensions from official stores, check reviews, and not provide the private key to anyone.
How can AI help cryptocurrency criminals?
AI assists bad actors in automatically generating malware, rapidly developing variants to evade scrutiny and increasing attack effectiveness.
How should extension scrutiny policies change?
Multidimensional testing should be applied, including runtime behavior analysis and source code review to detect deeply hidden malicious code in extensions.
Source: https://tintucbitcoin.com/greedybear-mo-rong-danh-cap-tien-dien-tu/
Thank you for reading this article!
Please Like, Comment, and Follow TinTucBitcoin to stay updated with the latest news about the cryptocurrency market and not miss any important information!