More than 40 fake extensions in Firefox's official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data.

Cybercriminals are deploying more than 40 malicious Firefox extensions posing as top crypto wallets to harvest users’ wallet credentials in an ongoing campaign.

The campaign is still ongoing and some of the malicious add-ons are even still available in the Firefox Marketplace. According to Koi Security, the campaign began in April of this year at the latest.

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk.

A malware campaign is leveraging malicious Firefox add-ons that impersonate legitimate crypto wallets in a bid to steal unwary users’ funds, according to a new study. Koi Security discovered that more ...

Firefox fake extensions target the most widely used wallets Koi intercepted fake apps for some of the most widely used wallet extensions, including Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, ...

Since April 2025, a growing series of false cryptocurrency wallet extensions, collectively called “FoxyWallet”, have made their way into the Firefox Add on store. Appearing as well-known brands like ...

Two recent discoveries by cybersecurity specialists remind crypto owners of the need to be cautious even when using legitimate services and products such as Firefox and macOS. Security specialists at ...

Security researchers have identified an extensive cybercriminal operation using dozens of fraudulent Firefox browser extensions to steal cryptocurrency wallet credentials from users. In a report ...

Summary is AI generated, newsroom reviewed. Over 40 fake wallet extensions were discovered on Firefox, impersonating MetaMask and Coinbase. A Russian-speaking threat group is reportedly behind the ...