A fake browser extension mimicking cryptocurrency exchange OKX has infiltrated the Firefox browser store.
On Jan. 8, OKX’s official Chinese X account issued a warning about a malicious browser extension listed on the Firefox plugin store, clarifying that the company has not developed an official browser plugin.
Browser extensions are small software programs that enhance a browser’s functionality by adding features or tools, such as password managers or ad blockers. The Firefox browser store serves as a platform for users to download these extensions.
Crypto scammers often infiltrate these stores by creating developer accounts and bypassing quality and security standards. This allows them to publish malicious extensions that can deceive users, compromise sensitive information like private keys, and even drain wallets.
OKX warned users to secure any funds they may have stored in wallets connected with the extension to avoid losses and urged users to download software only from the exchange’s official website and social media channels.
The exchange has reached out to Firefox to request the removal of the fraudulent extension, which remained live on the browser store at press time and had already been downloaded by 95 users.
At the time, it was unclear whether any users had suffered losses as a result of the fraudulent extension.
Scammers made the plugin hard to spot at first glance by using the actual OKX branding and a developer account named after the exchange. Further, it also had several five-star reviews to boost its credibility.
However, careful inspection reveals subtle inconsistencies in the description and wording, which can serve as red flags for users trying to verify its authenticity.
Malicious extensions such as these have led to severe losses for crypto users. On Apr. 8, a user lost roughly $800,000 after being exposed to two malicious plugins that were originally key loggers targeting crypto wallets.
Crypto exchanges and related tools are often the suitable choice for scammers, as investors are most likely to download such extensions for convenience. In May last year, a fake version of the Aggr app, which offers professional trading tools, was spotted on the Chrome store. The malicious app collected sensitive information from browser cookies.
A September report by cybersecurity firm Group-IB found that bad actors such as North Korea’s Lazarus group, who have caused billions in damages for the crypto sector, were increasingly targeting browser extensions such as MetaMask, Coinbase, BNB Chain Wallet, and TON Wallet.
Read the full article here
