Koi Security: Over 40 Fake Crypto Wallet Extensions Found in Firefox Add-ons Store

According to a report by BleepingComputer, more than 40 malicious extensions have been discovered in the official Firefox add-on store, impersonating well-known cryptocurrency wallets. These include fake versions of a certain exchange, MetaMask, Trust Wallet, Phantom, Exodus, another exchange, Keplr, and MyMonero, among others.

Security firm Koi Security found that these malicious extensions steal wallet seed phrases and private keys by monitoring user input, then transmit the data to servers controlled by attackers. Many of the extensions are clones of legitimate open-source wallets but have malicious code added. Attackers build trust by using authentic brand logos and a large number of fake five-star reviews.