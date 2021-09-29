Firefox extension stole digital wallet cryptocurrencies

A Firefox extension, available on the official browser extensions store for seven months, was stealing its users’ digital wallets.

    SafePal is a digital wallet capable of securely storing over 12 a thousand different cryptocurrencies, including Bitcoin, Ethereum and Litecoin.

    However, the malicious Firefox extension was unrelated to SafePal, only using the name “Safepal Wallet” to mislead users into thinking it was an official extension.

    On the fake extension page in the Firefox store, now unavailable, the malicious tool was advertised as an official product of Safepal, which allowed users to securely save their private keys from digital wallets.

    An investigation by the BleepingComputer website gained access to the website that the malicious extension used to deceive users. The page posed as an official SafePal address, trying to trick visitors into falling for a phishing scam.

    Prints demonstrating the page used to trick users of the extension. (Image: Playback/Bleeping Computer)

    On the fake page, a huge message asks users to type the backup phrase consisting of 12 words to be able to pair the digital wallet with the extension. However, after the sentence is entered, nothing happens, other than sending the information has been sent to the criminal.

    Digital wallets make use of this backup phrase so that users can recover their passwords in case they are forgotten. A criminal, in possession of this phrase, can take complete control of the wallet, in addition to being able to transfer and sell cryptocurrencies stored in it.

    Digital crimes with cryptocurrencies are becoming more and more common. Last Thursday (12), the Bitcoin.org website was invaded by criminals and kept displaying a fake advertisement , promising cryptocurrencies to visitors. The page was restored in a few hours, but even so what happened shows how cybercriminals are taking the cryptoactive market as potential targets.

    Mozilla provides protection tips

    For an extension to be made available on the Firefox store, developers are required to go through a submission process in which Mozilla, the company that owns the browser, analyzes the programs. But it is not known how deeply the company conducts security reviews.

    BleepingComputer has contacted Mozilla to find out more about the issue. A company spokesman said its focus is currently on limiting the harm that malicious extensions can do, as well as making it easier for users to report potentially criminal programs to the company.

    Also according to Mozilla’s spokesperson, whenever the company learns about applications that may pose security and privacy risks to users, the company begins to take actions so that they don’t can no longer run on Firefox.

    Finally, the Mozilla spokesperson provided some suggestions for users to be aware of when installing extensions:

    • Check the developer: Is the extension from a trusted company? Does your website have a link to the extension? These two questions can already avoid a lot of headaches;

  • Check out other works by the developer: Is a company known for revenue extension making a cryptocurrency extension available? Suspect;

  • Check the extension evaluation: the store Mozilla allows users to evaluate extensions. If the rating is too low, it is recommended not to install it.

    Source: BleepingComputer

