40+ Fake Crypto Wallet Extensions Found on Firefox

Over 40 Fake Crypto Wallet Extensions Found on Firefox, Posing Malware Threat

Security firm Koi has discovered over 40 fake cryptocurrency wallet extensions on Firefox’s plug-in store. These malicious extensions are designed to impersonate major wallets like MetaMask and Coinbase. Their goal is to steal user credentials by luring victims into downloading them.

A report from BleepingComputer confirmed that a Russian-speaking threat group is behind these malicious activities as of July 2, 2025. These fake extensions exploit open-source code by adding harmful logic while mimicking the legitimate design of popular wallet platforms. This tactic aligns with a 2023 Journal of Cybersecurity study, which revealed that 68% of malware campaigns use cloned software to evade detection.

Security Risks and Mitigation Measures

The fake wallet extensions pose significant risks to users by stealing sensitive data. The threat continues to grow due to browser marketplace vulnerabilities, which allow these extensions to persist despite ongoing reports. Mozilla’s 2024 security guidelines advise users to install extensions only from verified publishers to minimize exposure to such risks.

These malicious extensions rely on mimicking legitimate wallet designs, making them harder to detect. It is essential for users to remain vigilant when browsing plug-in stores and ensure they are downloading only from trusted sources.