• Live Crypto Prices
  • Crypto News
    • Worldwide
      • Bitcoin
      • Ethereum
      • Altcoin
      • Blockchain
      • Regulation
    • Australian Crypto News
  • Education
    • Cryptocurrency For Beginners
    • Where to Buy Cryptocurrency
    • Where to Store Cryptos
    • Cryptocurrency Tax in Australia 2021
No Result
View All Result
CryptoABC.net
No Result
View All Result

GreedyBear Hackers Steal $1M Using Malicious Firefox Extensions

August 11, 2025
in Australian Crypto News
Reading Time: 3min read
0 0
A A
0
GreedyBear Hackers Steal $1M Using Malicious Firefox Extensions
0
SHARES
10
VIEWS
ShareShareShareShareShare
  • The Russian cybercrime group GreedyBear has stolen over US$1 million in crypto in just five weeks.
  • The group achieved this by creating over 150 malicious Firefox extensions that impersonate popular crypto wallets like MetaMask and TronLink.
  • According to security firm Koi Security, this campaign represents a new, “industrial scale” of crypto theft.

The GreedyBear hacking group, linked to Russian cybercriminal circles, has stolen more than US$1M (AU$1.55M) in cryptocurrency by targeting users of MetaMask and TronLink wallets through malicious Firefox extensions. 

These fake add-ons, crafted to appear legitimate, compromised wallets once installed. Moreover, investigators say the attackers deployed AI-assisted malware to steal credentials, a tactic MetaMask’s own security team has previously warned about. 

The group reportedly used over 650 malicious tools, including 150 fake browser extensions, highlighting how browser-based attacks can bypass conventional protections.

Related: SBI Holdings to Launch Japan’s First Bitcoin and XRP ETF

A New Standard For Cybercriminals

It looks like GreedyBear is raising the bar for cybercrime, not by targeting bigger crypto sites, but thinking like a Fortune 500 company, at least according to Koi Security researcher Tuval Admoni.

Admoni said the group’s approach breaks from the norm by combining three distinct attack methods rather than focusing on a single vector. 

Over 650 malicious tools have been identified, including more than 150 fake Firefox extensions impersonating wallets such as MetaMask, TronLink, Exodus, and Rabby Wallet. 

Using an “Extension Hollowing” tactic, GreedyBear initially publishes legitimate extensions to pass security reviews before injecting malicious code that captures wallet credentials through counterfeit interfaces.

Almost all domains — across extensions, EXE payloads, and phishing sites — resolve to a single IP address: 185.208.156.66. This server acts as a central hub for command-and-control (C2), credential collection, ransomware coordination, and scam websites, allowing the attackers to streamline operations across multiple channels.

Koi Security
Source: Koi Security

The New Normal (With AI In It)

The second attack layer relies on nearly 500 malware samples, including LummaStealer for harvesting wallet data and ransomware strains like Luca Stealer (an open-source Rust-based malware) demanding cryptocurrency payments. 

These are largely distributed via Russian sites offering pirated or cracked software.

The final component is a network of fraudulent websites presented as legitimate wallet services, hardware device vendors, or repair platforms.

There’s also evidence of AI-generated code within the campaign, which points to faster development cycles and rapid scaling of attack types. That means an escalation in crypto-focused cybercrime. 

Admoni warned that these blended strategies represent a “new normal” in the threat landscape, stressing the urgent need for stronger extension store vetting, developer transparency, and heightened user vigilance.

Related: Project Crypto: Bitwise Names Three Key Winners From the SEC’s Blockchain Utopia

Credit: Source link

ShareTweetSendPinShare
Previous Post

Ethereum Has Cemented Its Price Above US$4K: Where to From Here

Next Post

White House Crypto Council Director Bo Hines Resigns to Return to Private Sector

Next Post
White House Crypto Council Director Bo Hines Resigns to Return to Private Sector

White House Crypto Council Director Bo Hines Resigns to Return to Private Sector

You might also like

LG Electronics Pilots Onchain Advertising Network On Arbitrum

Ethereum ETFs Bleed $8M As USDT Inflows Point To Capital Waiting On Sidelines

June 30, 2026
Ripple CEO Says Saylor’s “Financial Engineering” Has Hurt Crypto, Even as Bitcoin Itself Stays a Good Bet

Ripple CEO Says Saylor’s “Financial Engineering” Has Hurt Crypto, Even as Bitcoin Itself Stays a Good Bet

June 29, 2026
New Wallet Withdraws 1,350 BTC From Binance

Ethereum Options Traders Pay Up For Downside Protection As Skew Turns Cautious

June 30, 2026
Dogecoin Just Flipped a Multi-Session Resistance Level on a 122% Volume Spike: Is the Altcoin Season Starting?

Every Setup Says Dogecoin Is Due a Big Rally: One Barrier Could Trigger the Next Leg Higher

July 2, 2026
Analyst Reveals The Best Time To Actually Start Buying Bitcoin

Ripple CEO Brad Garlinghouse Slams Michael Saylor’s Bitcoin

June 27, 2026
Why Is Crypto Up Today? – October 15, 2025

El Salvador Claims It’s Buying Bitcoin Daily, But the IMF Disagrees

June 29, 2026
CryptoABC.net

This is an Australian online news/education portal that aims to provide the latest crypto news, real-time updates, education and reviews within Australia and around the world. Feel free to get in touch with us!

What's New Here!

XRP Price Prediction: MVRV Data Points Bullish

XRP Price Prediction: MVRV Data Points Bullish

July 4, 2026
Aave Launches on Monad with 12 Assets, Backed by $15 Million in Incentives

Aave Launches on Monad with 12 Assets, Backed by $15 Million in Incentives

July 4, 2026

Subscribe Now

  • Contact Us
  • Privacy Policy
  • Terms of Use
  • DMCA

© 2021 cryptoabc.net - All rights reserved!

No Result
View All Result
  • Live Crypto Prices
  • Crypto News
    • Worldwide
      • Bitcoin
      • Ethereum
      • Altcoin
      • Blockchain
      • Regulation
    • Australian Crypto News
  • Education
    • Cryptocurrency For Beginners
    • Where to Buy Cryptocurrency
    • Where to Store Cryptos
    • Cryptocurrency Tax in Australia 2021

© 2021 cryptoabc.net - All rights reserved!

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Please enter CoinGecko Free Api Key to get this plugin works.