40+ Fake Crypto Wallet Extensions Found on Firefox

    By

    Triparna Baishnab

    Triparna Baishnab

    Security firm Koi uncovers over 40 fake crypto wallet extensions on Firefox, impersonating MetaMask and Coinbase to steal user credentials.

    40+ Fake Crypto Wallet Extensions Found on Firefox

    Quick Take

    Summary is AI generated, newsroom reviewed.

    • Over 40 fake wallet extensions were discovered on Firefox, impersonating MetaMask and Coinbase.

    • A Russian-speaking threat group is reportedly behind the malware campaign.

    • 68% of malware campaigns use cloned software to avoid detection, according to a 2023 study.

    • Users are advised to install extensions only from verified publishers as per Mozilla’s security guidelines.

    Over 40 Fake Crypto Wallet Extensions Found on Firefox, Posing Malware Threat

    Security firm Koi has discovered over 40 fake cryptocurrency wallet extensions on Firefox’s plug-in store. These malicious extensions are designed to impersonate major wallets like MetaMask and Coinbase. Their goal is to steal user credentials by luring victims into downloading them.

    A report from BleepingComputer confirmed that a Russian-speaking threat group is behind these malicious activities as of July 2, 2025. These fake extensions exploit open-source code by adding harmful logic while mimicking the legitimate design of popular wallet platforms. This tactic aligns with a 2023 Journal of Cybersecurity study, which revealed that 68% of malware campaigns use cloned software to evade detection.

    Security Risks and Mitigation Measures

    The fake wallet extensions pose significant risks to users by stealing sensitive data. The threat continues to grow due to browser marketplace vulnerabilities, which allow these extensions to persist despite ongoing reports. Mozilla’s 2024 security guidelines advise users to install extensions only from verified publishers to minimize exposure to such risks.

    These malicious extensions rely on mimicking legitimate wallet designs, making them harder to detect. It is essential for users to remain vigilant when browsing plug-in stores and ensure they are downloading only from trusted sources.

    Google News Icon

    Follow us on Google News

    Get the latest crypto insights and updates.

    Follow