Koi Security: Over 40 counterfeit cryptocurrency wallet extensions appear in the Firefox Add-ons store

According to ChainCatcher, BleepingComputer reports that over 40 malicious extensions have been found in the official Firefox extension store, impersonating well-known cryptocurrency wallets, including fake versions of Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, and MyMonero.

Security company Koi Security's research found that these malicious extensions monitor user input to steal wallet recovery phrases and private keys, transmitting the data to servers controlled by the attackers. Many of the extensions are cloned versions of legitimate open-source wallets but have added malicious code. Attackers establish trust by using real brand logos and a large number of fake five-star reviews.