Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Malicious Firefox extensions steal crypto wallets

The GreedyBear campaign used fake Firefox crypto wallet add-ons to steal funds and log victim IP addresses.

byAytun Çelebi
August 12, 2025
in Tech, News
Home News Tech
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

Threat actors employed approximately 150 malicious Firefox extensions to steal cryptocurrency wallet credentials, resulting in an estimated one million dollars stolen from victims. This scheme, identified as “GreedyBear” by Koi Security, operated by impersonating legitimate cryptocurrency wallet extensions within the Firefox add-ons store.

The malicious extensions initially appeared as benign cryptocurrency wallet tools. Attackers uploaded these extensions with branding consistent with established platforms, including MetaMask, TronLink, and Rabby. These initial versions also accumulated fabricated positive reviews to enhance their perceived legitimacy. Subsequently, the attackers modified these extensions by altering names and logos, then injected malicious code. This transformation converted the extensions into keyloggers.

The compromised extensions were designed to capture form field inputs entered by users. Additionally, these malicious extensions logged the external IP addresses of victims. Information gathered by these keyloggers was subsequently transmitted to servers controlled by the attackers. Mozilla has since removed the identified malware from the Firefox add-ons store, as reported by Bleeping Computer.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

Researchers have also identified a potential expansion of the GreedyBear campaign into the Chrome web store. This possible expansion is linked to an extension named Filecoin Wallet. Users are advised to exercise caution before installing browser extensions. Recommended precautions include reviewing user comments beyond star ratings, examining the version history of the extension, and investigating other projects associated with the developer for any suspicious activity.

For cryptocurrency wallet extensions specifically, a more secure method than searching directly within browser add-on stores involves navigating to the official website of the cryptocurrency project. Legitimate extensions are typically linked directly from these official project websites, providing a verified source for installation.


Featured image credit

Tags: cryptofirefox

Related Posts

Claude Fable 5 free access extended until July 19

Claude Fable 5 free access extended until July 19

July 13, 2026
Samsung Galaxy Z TriFold 2 launch may be delayed

Samsung Galaxy Z TriFold 2 launch may be delayed

July 13, 2026
Apple to skip M6 Pro and Max chips, fast-tracks M7 lineup for AI focus

Apple to skip M6 Pro and Max chips, fast-tracks M7 lineup for AI focus

July 13, 2026
OpenAI lifts GPT-5.6 Sol usage limits temporarily

OpenAI lifts GPT-5.6 Sol usage limits temporarily

July 13, 2026
OpenAI launches ChatGPT Work productivity app

OpenAI launches ChatGPT Work productivity app

July 10, 2026
Meta files patent for AI-powered emotional monitoring device

Meta files patent for AI-powered emotional monitoring device

July 10, 2026

LATEST NEWS

Claude Fable 5 free access extended until July 19

Samsung Galaxy Z TriFold 2 launch may be delayed

Apple to skip M6 Pro and Max chips, fast-tracks M7 lineup for AI focus

OpenAI lifts GPT-5.6 Sol usage limits temporarily

OpenAI launches ChatGPT Work productivity app

Meta files patent for AI-powered emotional monitoring device

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Mootion

Legacy AI

Copyseeker

ProPhotos

Kuki AI

Create

RemodelAI

AItwitch

Vadoo AI

Greptile AI

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.