Over 40 Fake Crypto Wallet Extensions Found on Firefox

Over 40 fake extensions for the Mozilla Firefox browser that mimic popular crypto wallets have been identified in an ongoing cryptocurrency theft campaign, according to a report published by cybersecurity firm Koi Security.
These fraudulent extensions pose as legitimate applications such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, MyMonero, and Bitget. Once installed, the malicious extensions intercept users’ wallet credentials and transmit them to a remote server controlled by attackers.
The campaign has reportedly been active since April, with the latest extensions uploaded just last week. Koi Security has confirmed that more than 40 extensions are linked to this campaign and that the operation remains active.
The attackers reportedly clone the names, logos, and even source code of official wallet extensions, adding malicious code to extract sensitive data. Some extensions also featured hundreds of fake five-star reviews to build user trust.
Koi Security advises users to carefully verify any browser extension before installation and to use up-to-date security tools to protect their assets.