Recent research by Koi Security has discovered an active campaign spreading malicious wallet extensions on Firefox that impersonate popular crypto wallets.
Fake Wallet Apps on Firefox
Malicious extensions impersonating some of the most widely used crypto wallets are being spread on Firefox. Some of these apps have been removed while others remain active. These fake applications are distributed through the official Firefox add-on store, making them particularly dangerous.
Methods of Attack and Consequences
According to warnings from the SlowMist team, the attack targets unsuspecting users seeking easy access to cryptocurrencies. Using compromised applications can result in significant losses. Reports indicate that losses from the fake apps have already been documented. The attack relies on using the original wallet’s open-source code, simplifying the cloning process.
Safety Recommendations for Users
Koi Security advises users to implement an allow-list filter and to refrain from downloading applications without vetting. Dangerous apps may not exhibit problems initially but may update with malicious behavior over time. Users should also be wary of applications with an excessive number of positive reviews that may have been artificially generated to build trust.
The spread of malicious extensions for crypto wallets presents a serious threat, and users are advised to remain vigilant and follow safety recommendations.
