A Koi Security report cited by PANews and Decrypt reveals that over five weeks, GreedyBear used weaponized Firefox extensions, malicious executables, and phishing sites to steal over $1M in cryptocurrency.
According to a Koi Security report cited by PANews and Decrypt, Russian hacker group GreedyBear stole over $1M in cryptocurrency in five weeks by deploying 150 weaponized Firefox extensions, nearly 500 malicious executables, and dozens of phishing sites. Koi CTO Idan Dardikman noted that fake crypto wallet extensions imitating popular wallets like MetaMask, Exodus, Rabby Wallet, and TronLink were the most profitable attack vector, achieved through extension hollowing techniques.