A massive scam campaign has hit the Firefox add-on store, with around 150 malicious extensions designed to steal cryptocurrency from users.
The operation, nicknamed GreedyBear, targeted popular crypto wallets by creating fake versions that looked legitimate.
These extensions imitated well-known wallets such as MetaMask, TronLink, and Rabby. At first, they appeared harmless and even gathered fake positive reviews to gain trust. Once enough users installed them, the scammers updated the extensions with malicious code that could log wallet credentials and track IP addresses.
When victims entered their wallet seed phrases or private keys, the stolen information was sent directly to the attackers, allowing them to drain cryptocurrency accounts.
Investigators found that the campaign was part of a larger network linked to pirated software sites and fake wallet repair services, all connected to the same criminal infrastructure.
Mozilla has since removed the malicious extensions from its store, but users are urged to double-check any crypto-related add-ons before installing them.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
