Firefox Users Beware: GreedyBear Scam Drains $1 Million with Malicious Extensions!

GreedyBear has unleashed 150 malicious Firefox extensions, swiping $1,000,000 from users by mimicking popular crypto wallets. Despite their removal, the scheme highlights how AI aids cybercriminals in creating large-scale attacks. Koi Security warns that GreedyBear may soon target Chrome users as well. Always verify extensions before installation to avoid becoming prey.

3P
Published: August 7, 2025 3:34 pmAdded: August 7, 2025 at 8:48 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Who knew that crypto wallets could have more drama than a reality TV show? Mozilla’s add-on store has turned into the Wild West with ‘GreedyBear’ extensions lurking in the shadows, ready to swipe your digital gold faster than you can say “blockchain.” Maybe it’s time for Firefox to add a “Wanted” poster section to their store!

Key Points:

  • ‘GreedyBear’ campaign steals over $1,000,000 via malicious Firefox extensions.
  • Impersonates popular cryptocurrency wallets like MetaMask and TronLink.
  • Uses keylogger to capture wallet credentials and IP addresses.
  • Connected to a network of Russian-speaking pirated software websites.
  • Potential expansion to Chrome Web Store spotted by Koi Security.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?