Koi Security reports that GreedyBear conducted an industrial-scale crypto theft, deploying over 650 malicious browser extensions using Extension Hollowing, 500 malware executables, and scam websites managed via a single command-and-control IP.
Koi Security detailed how GreedyBear stole over $1 million through a sophisticated multi-pronged campaign: more than 650 malicious browser extensions that used Extension Hollowing, nearly 500 malicious Windows executables, and fraudulent crypto websites consolidated on one IP. There are indications that AI-generated code aided the campaign's rapid scaling.