Discovery of Malicious Extensions
Mozilla announced it had identified and removed over 40 malicious Firefox extensions designed to steal crypto wallet information. These extensions masqueraded as legitimate tools while covertly exfiltrating seed phrases and private keys.
How They Operate
Once installed, the extensions inject scripts to monitor clipboard activity and intercept web form submissions. Users reported funds vanishing shortly after installation.
Scope of the Threat
The threat actors targeted users of MetaMask, Trust Wallet, and other browser-based wallets, with thousands of downloads reported before removal.
Advice from Security Experts
Cybersecurity researcher Mark Jensen advised: “Always download extensions directly from verified developers and monitor account activity closely.”
Mozilla’s Response
Mozilla has tightened its extension vetting process and is working with law enforcement to track down the perpetrators.
Mitigation Tips
Users should uninstall untrusted extensions, run antivirus scans, and change wallet credentials immediately if they suspect compromise
