TechFlow news, August 11 — According to security firm Koi Security, Russian hacker group GreedyBear successfully stole over $1 million in cryptocurrency over the past five weeks using 150 malicious Firefox browser extensions. The attackers created counterfeit extensions mimicking popular cryptocurrency wallets such as MetaMask and Exodus, leveraging a "hollowing-out extension" technique to bypass app store security checks and injecting malicious code during updates to steal users' wallet credentials.
The group has also deployed nearly 500 malicious Windows programs and multiple phishing websites, demonstrating characteristics of large-scale operations. Security experts advise users to only install officially verified extensions and recommend transferring significant assets to hardware wallets for safekeeping.



