Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Fraud. Show all posts
Text Scams
Cyber Fraud Email Phishing online fraud prevention Phishing Scams QR code scams scam links Text Scams

How to Spot and Avoid Scam Links in 2025: Expert Tips Amid Rising Phishing Attacks

 

One can chalk it up to artificial intelligence or rampant data leaks, but one thing is clear—phishing attacks are becoming more frequent and harder to detect. Whether through emails, text messages, QR codes, or even social media DMs, cybercriminals are deploying increasingly sophisticated tactics to deceive victims.

In 2024 alone, phishing and spoofing scams resulted in over $70 million in losses, according to the FBI's Internet Crime Complaint Centre. Scam links often mimic legitimate websites by using “https” encryption and lookalike domains to fool users into clicking.

Clicking one of these links doesn’t just risk your bank balance—it can compromise personal information, install malware, or give scammers access to your device.

Scam links are often embedded in phishing emails or texts and are designed to lead users to fake websites or trick them into downloading malware. Common scams include messages about unpaid tolls, fake job offers, and even investment opportunities.

Many scammers use AI tools to distribute these messages widely. Despite how often people fall for them, the consistency of success keeps fraudsters using the same tactics.

Tips to Identify Scam Links

1. Scrutinize the URL

"Smartphones do their best to block scam links, so attackers use tricks to make their links clickable," said Joshua McKenty, CEO of Polyguard.ai. Look for signs like an "@" symbol in the link or URLs merged with a question mark. Be wary if a URL starts with something familiar like Google.com but ends with a suspicious string.

2. Spot Misspellings and Lookalikes

“Typo-squatting”—using URLs that look like trusted sites but have subtle misspellings like PayPa1 instead of PayPal—is a common red flag, warns Dave Meister, cybersecurity spokesperson for Check Point.

3. Know Your Trusted URLs

"Major brands, especially banks and retailers, don't often change up their domain names," said McKenty. For instance, Chase.com is likely safe, but Chase-Banking-App.com is not.

4. Be Cautious with Shortened Links

Shortened URLs, like those from bit.ly or shorturl, can hide malicious destinations. McKenty cautions against clicking these links unless you're absolutely certain of their source.

5. Inspect QR Codes

“QR codes have become the new stealth weapon,” said Meister. Scammers may cover real QR codes in public spaces with fake ones, leading to malware downloads or cloned websites. Always double-check where the code is placed and avoid scanning suspicious ones.

What To Do If You Clicked a Scam Link

1. Install antivirus software
If your device isn’t already protected, act fast. Free and paid options are available.

2. Check for malware
If your phone is slow, unresponsive, or shows pop-ups, it could be infected. Clear your cache, delete suspicious apps, or do a factory reset. Avoid logging into any financial apps.

3. Contact your bank
Let your bank or credit card provider know if there’s any chance your information was compromised.

4. Report the scam
File a complaint with the Federal Trade Commission and notify local authorities. The more awareness there is, the harder it becomes for these scams to succeed.
Read more »
User Security
Blockchain Developer Crypto Theft Cyber Fraud Malicious Campaign User Security

Online Criminals Steal $500K Crypto Via Malicious AI Browser Extension

 

A Russian blockchain engineer lost over $500,000 worth of cryptocurrencies in a sophisticated cyberattack, highlighting the persisting and increasing threats posed by hostile open-source packages. Even seasoned users can be duped into installing malicious software by attackers using public repositories and ranking algorithms, despite the developer community's growing knowledge and caution.

The incident was discovered in June 2025, when the victim, an experienced developer who had recently reinstalled his operating system and only employed essential, well-known applications, noticed his crypto assets had been drained, despite rigorous attention to cybersecurity. 

The researchers linked the breach to a Visual Studio Code-compatible extension called "Solidity Language" for the Cursor AI IDE, a productivity-boosting tool for smart contract developers. The extension, which was made public via the Open VSX registry, masqueraded as a legal code highlighting tool but was actually a vehicle for remote code execution. After installation, the rogue extension ran a JavaScript file called extension.js, which linked to a malicious web site to download and run PowerShell scripts. 

These scripts, in turn, installed the genuine remote management tool ScreenConnect, allowing the perpetrators to maintain remote access to the compromised PC. The attackers used this access to execute further VBScripts, which delivered additional payloads such as the Quasar open-source backdoor and a stealer module capable of syphoning credentials and wallet passphrases from browsers, email clients, and cryptocurrency wallets. 

The masquerade was effective: the malicious extension appeared near the top of search results in the extension marketplace, thanks to a ranking mechanism that prioritised recency and perceived activity over plain download counts. The attackers also plagiarised descriptions from legitimate items, thus blurring the distinction between genuine and fraudulent offerings. When the bogus extension failed to deliver the promised capabilities, the user concluded it was a glitch, allowing the malware to remain undetected. 

In an additional twist, after the malicious item was removed from the store, the threat actors swiftly uploaded a new clone called "solidity," employing advanced impersonation techniques. The malicious publisher's name differed by only one character: an uppercase "I" instead of a lowercase "l," a discrepancy that was nearly hard to detect due to font rendering. The bogus extension's download count was intentionally boosted to two million in a bid to outshine the real program, making the correct choice difficult for users.

The effort did not end there; similar attack tactics were discovered in further malicious packages on both the Open VSX registry and npm, which targeted blockchain developers via extensions and packages with recognisable names. Each infection chain followed a well-known pattern: executing PowerShell scripts, downloading further malware, and communicating with attacker-controlled command-and-control servers. This incident highlights the ongoing threat of supply-chain attacks in the open-source ecosystem.
Read more »
Online Scams
AIdeepfakes Cyber Fraud Fake Accounts Fake business accounts financial scams Fraud Alert Internet scammers Online App online fraud prevention online frauds Online Scams

Scamfluencers Use Social Media to Orchestrate Sophisticated Online Fraud

 

Scamfluencers, a rising category of deceptive internet personalities, are leveraging their online influence to run sophisticated scams that have already cost Americans an estimated $1.9 billion in 2024. 

These individuals masquerade as experts in finance, health, or other trusted domains to exploit trust and extract money from their followers. By blending online popularity with calculated deceit, scamfluencers are proving to be one of the most dangerous forms of digital manipulation today. 

According to Adewale Adeife, a cybersecurity consultant at EY, scamfluencers are especially dangerous because they merge their social credibility with modern deception tactics. These often include emotional manipulation, fabricated social proof such as fake likes and engagement pods, and now, even AI-generated deepfakes to bolster their authority. Scamfluencers fabricate credentials, pose as professionals, and often use emotionally charged content to draw in followers. 

In one infamous example, teenager Malachi Love-Robinson posed as a medical doctor, tricking patients and professionals alike. Others may impersonate financial experts, promising “get-rich-quick” results backed by fake testimonials and limited-time offers. Tactics also include exploiting psychological tendencies like authority bias, where users are more likely to believe information from someone who appears famous or credentialed. 

Scamfluencers also use the consistency principle—starting with small asks that escalate into larger scams. Fear, greed, and urgency are common emotional triggers they use to lower victims’ skepticism. To protect yourself, cybersecurity experts recommend several steps. 

Always verify an influencer’s claims and professional background. Be wary of requests for unconventional payments such as cryptocurrency or gift cards. If the person reacts defensively to questions, or if their results seem too good to be true, it’s likely a red flag. If you suspect you’ve encountered a scamfluencer, stop communication immediately, save all evidence, report it to your financial institution, and file complaints with law enforcement and cybercrime units. 

Social media companies are stepping up their defenses, using AI to detect fake accounts, manipulated media, and suspicious behavior. Despite these efforts, experts emphasize that individual vigilance is still the best defense against scamfluencer tactics. 

In an increasingly digital world, where influence can easily be faked and trust weaponized, staying informed and skeptical is essential. Recognizing the signs of scamfluencers helps prevent fraud and contributes to creating a safer and more authentic online environment.
Read more »
human trafficking scams
cryptocurrency Cyber Fraud Cyber Scams CyberCrime Cybersecurity Digital Arrest Digital Crime Digital Slavery global cybercrime human trafficking scams

The Rise of Digital Slavery in the Age of Global Cybercrime

 


A growing number of cybercriminals are becoming more sophisticated and dangerous in the hyperconnected digital world of today. These criminals use advanced methods to exploit individuals and organisations who are not expecting them. To lure victims into divulging confidential information, perpetrators often disguise themselves as legitimate individuals—posing as bank officials, customer service representatives, or company executives—to deceive them into disclosing confidential information voluntarily. 

Social engineering is an effective way for fraudsters to manipulate emotions, exploit trust, and overcome even the most vigilant security measures. Once these fraudsters have gained access to critical information such as banking credentials, personal identification numbers, or login details, they begin stealing identities, engaging in financial fraud, and causing large-scale data breaches as a result. As a result, this cybercrime threat is particularly alarming because it is relentlessly adaptable. 

Cyberfraud, in its current form, has evolved not only from isolated phishing attempts but has also developed into a worldwide threat that is well-organised and is constantly changing as time goes on. With the rise of digital platforms, both personal and professional, there has never been a greater urgency to recognise, detect, and fight cyber fraud. 

Digital organised crime has begun to emerge as a new frontier in the digital world, where cyber slavery is emerging as a widespread and deeply concealed problem, which is an alarming development. Rather than being isolated incidents, this growing phenomenon is structured, transnational, and profit-driven, with credible investigations revealing that in so-called "scam compounds," thousands of people are held against their will. 

They are often duped into accepting fake work offers and trafficked across borders, thus forcing them to carry out large-scale online fraud operations under inhumane conditions, ranging from phishing scams to cryptocurrency scams, which are implemented by politicians and businesses alike. Many of the spam messages or suspicious links that appear to the average user to be harmless are, in fact, the product of forced labour that is orchestrated by criminal syndicates. 

In light of this troubling intersection between human trafficking and digital fraud, it is imperative that we raise global awareness, intervene with policy, and cooperate with each other so these hidden networks of exploitation will cease to operate. An opportunity that seems promising at first glance can, with a single click, plunge an unsuspecting applicant into captivity and brutal exploitation, even if it seems to offer a promising salary, flexible working schedules, and the allure of a new start abroad. 

Currently, cyberslavery encompasses several groups of victims: those deceived by online scams, as well as those who are forced to run those very scams due to their trafficking, confinement, and exploitation. It is known that these individuals are enticed to work for counterfeit companies, transported across borders, stripped of their travel documents, and locked inside secure compounds where they are forced to engage in phishing scams, romance scams, and cryptocurrency scams under constant threat of violence, and that the rapid expansion of this phenomenon is directly connected to modern connectivity. 

There was a time when limited bandwidth curtailed large-scale abuses, but today's high-speed internet, encrypted messaging apps, and global social media platforms serve as frictionless tools for traffickers to recruit, control, and conceal the forced labourers they are exploiting. A recent event underscores the scale of the problem: in Myawaddy, Myanmar, police turned over 540 Indians coerced into participating in scams after agents lured them into employment in Dubai, Bangkok, and Kuala Lumpur by promising jobs there. 

A total of 40 Karnatakaians were rescued after a lengthy journey through several Southeast Asian hubs and clandestine boat transfers. After being imprisoned and forced to commit cyberfraud against victims worldwide, they were found guilty and sentenced to conduct it. In this ordeal, the stark reality is illustrated: a shadow industry spawned by the intersection of high-tech crime and human trafficking has flourished on broken promises and stolen identity, creating an urgency for international coordination and action that must be taken now. 

There is no doubt that cyberslavery is becoming a major concern across Southeast Asia, with countries like Cambodia, Laos, Myanmar, and the Philippines emerging as key hotspots for this disturbing phenomenon. It has been reported that scam centres in these regions have become an epicentre of modern-day slavery and grave human rights violations, according to recent research findings. 

It is common for victims to experience physical abuse, psychological manipulation, and extreme coercion, as well as being forced to carry out sophisticated online scams targeting individuals all over the world – they are often trafficked or kidnapped. Criminal syndicates orchestrate these illicit activities, and they are enabled by complicit business networks which take advantage of resources like capital, human labour, and digital infrastructure to sustain and expand their criminal operations. 

As a result of the tremendous stakes involved, reports by international agencies have estimated that these scamcentress generate billions of dollars in illicit revenue every year. Nevertheless, it has been very difficult to dismantle this deeply embedded system, which is characterized by its transnational nature, complex organizational structures, and the presence of overlapping legal, political, and jurisdictional barriers.

In addition to this crisis, cyber slavery is still widely misunderstood by the public, causing policymaking decisions to be influenced by public misconceptions, which limit public awareness and support for victims of cyber slavery. As these scam networks have evolved over the past decade, they have shown a further sign of their increasing sophistication as well. At first, such operations were based out of modest apartments, small villas, or rented hotels.

The trend began to shift by the late 2010s, with large-scale compounds containing multiple criminal operations under one roof while employing thousands of coerced workers under the roof. This phenomenon became especially prevalent in the Cambodian city of Sihanoukville, which has become a central hub for such operations in the past few years, emphasising the necessity for coordinated regional and global responses to combat a growing industry of digital exploitation that has become largely hidden but has become more aggressive in recent years. 

Currently, law enforcement agencies are grappling with the challenge of combating cyber slavery, a complex and ever-evolving problem, as it is characterised by transnational criminality, legal fragmentation, and legal instability across different jurisdictions. Cybercriminals are often based in countries with different laws governing cybercrime, regulatory frameworks, and definitions of digital exploitation, making international cooperation both complex and inconclusive.

It can be exceedingly difficult to collect admissible evidence across borders, especially with the help of mechanisms like the Mutual Legal Assistance Treaty (MLAT), because they are extremely time-consuming and bureaucratic in nature, which can often delay vital investigative action. In addition to that difficulty, fraudsters and scam operators frequently mask themselves with false documents, virtual private networks (VPNs), and encrypted communication platforms, which makes their activities even more difficult. 

Cyber slavery, in addition, is not limited to forced labour used in scam operations. As a result, some individuals are blackmailed or psychologically manipulated into participating in cybercrime, blurring the line between culpability and victimhood, as a result of which they are blackmailed or psychologically manipulated. As a key component of building a case, digital evidence presents its own set of challenges. 

Since it is volatile, it must be preserved in the utmost way possible. Victims trapped in scam compounds, however, are often unable to communicate online or are unable to interact via tightly controlled channels, so they are limited in their ability to report abuse or cooperate with authorities. These restrictions highlight the urgent need for a multifaceted response to these crimes.
To effectively address the threat of cyber slavery, several strategic approaches must be developed, including cross-border collaboration, cybercrime units, public-private partnerships, and proactive legal reforms. There needs to be a vigorous enforcement of domestic laws such as the Indian Emigration Act of 1983, in particular to crack down on illegal recruitment agents who are a significant part of the trafficking industry by masquerading as overseas employees. 

Additionally, large-scale awareness campaigns can be conducted via traditional as well as digital media simultaneously to inform the public, especially vulnerable job seekers, regarding the risks that unregistered recruiters pose to them, as well as their deceptive tactics used to lure people into digital servitude. There is only one way to effectively curb the growing menace of cyber slavery, and that is by coordinating global efforts, reforming policies, and maintaining public involvement. 

A rapid increase in cyber fraud is an indication that cyber fraud is becoming an increasingly dangerous threat within the digital ecosystem. It entails a variety of sophisticated tactics, along with a broad spectrum of damaging consequences resulting from cyber fraud. In its simplest sense, cyber fraud is a form of deception that manipulates victims into disclosing sensitive information or performing actions that serve the fraudsters' interests. 
To achieve this kind of manipulation, advanced technological means are often employed, including phishing schemes, malware deployment, and a variety of social engineering techniques. Cyber fraud is an alarming phenomenon in the sense that the perpetrators usually operate under a veil of anonymity online, which makes the task of tracing and prosecuting offenders incredibly difficult. 

Cyber fraud has a global reach that is one of its most alarming aspects. It is different from traditional crime in that it transcends geographical boundaries, meaning that perpetrators can target victims on other continents and with minimal risk of detection. Further, there is an ever-evolving landscape of cyber fraud. 

As fraudsters adjust their methods to counter the increased security measures that organisations and individuals face, individuals and  mustorganisations remain informed and proactive in adopting robust cybersecurity protocols, no matter what. Several forms of cyber fraud havebecomeg more popular in recent years. 

Phishing attacks, for example, use phoney email messages, messages from phoney websites, or false links to steal login information and financial details. Identity theft is when individuals are impersonated by someone else in order to conduct unauthorised transactions by using their personal data. Online scams exploit trust to request payments or personal information under false pretences, while ransomware attacks block users from accessing their own data, requiring payment before they can get to it. 

Data breaches, which occur when a secure system is breached by an unauthorised individual, expose large amounts of sensitive data with lasting consequences. Cyber fraud has profound and far-reaching effects on a company's bottom line. Financial losses are one of the most immediate and visible consequences, as victims may suffer theft of funds, unauthorised purchases, or costly efforts to recover their money. 

In addition, businesses can suffer severe reputational damage, leading to reduced consumer trust, regulatory penalties, and the possibility of a lawsuit. Furthermore, cyber attacks can cause significant disruptions to vital services such as healthcare, transportation, and communications, which puts the public at risk. 

Cyber fraud is a problem of a global scale that threatens trust in digital platforms and financial systems. The persistence of cyber fraud erodes trust in digital platforms and financial systems, which constitutes a significant obstacle to economic stability and growth in a world which is increasingly connected. The government, businesses, and ordinary citizens must adopt vigilance and responsibility to stem the escalating tide of cyber-enabled exploitation. 

Lawmakers should close jurisdictional gaps by harmonising cybercrime statutes and streamlining evidence-sharing protocols, at the same time that enforcement agencies need to invest heavily in digital forensics capacity and the development of multilingual victim support channels to close cybercrime loopholes. Especially in the areas of finance, telecommunications, and social media, private firms need to implement a real-time fraud detection system and rigorously vet third-party recruiters who operate on their platforms.

The first line of defence should remain establishing “zero-trust” digital habits at the individual level, which includes verifying unsolicited emails, using strong authentication, and immediately reporting suspicious activity. A multilayered, collaborative approach is the only way for the global community to dismantle the infrastructure of cyber slavery and fraud, protect vulnerable populations, and restore trust in the digital economy through the implementation of this multilayered, collaborative approach.
Read more »
Quishing Campaign
Cyber Fraud Cybersecurity measures Cybersecurity Warning Drivers QR code QR Code Phishing QR code scams QR code security Quishing Quishing Campaign

Parking Meter QR Code Scam Grows Nationwide as “Quishing” Threatens Drivers

 

A growing scam involving fake QR codes on parking meters is putting unsuspecting drivers at risk of financial fraud. This deceptive tactic—called “quishing,” a blend of “QR” and “phishing”—relies on tampered QR codes that redirect people to bogus websites designed to steal sensitive information like credit card details or vehicle data. 

The scam works in a surprisingly simple but effective way: fraudsters cover official QR codes on parking meters with nearly identical stickers that feature malicious codes. When scanned, the QR code does not lead to the authorized parking service’s payment portal but instead sends users to a counterfeit site. These phishing websites often look nearly identical to legitimate services, making them difficult to identify as fraudulent. Once there, victims are prompted to enter personal data that can later be misused to withdraw funds or commit identity theft.  

Recent reports have confirmed the presence of such manipulated QR codes on parking infrastructure in multiple cities, and similar schemes have also been spotted on electric vehicle charging stations. In one documented case, a victim unknowingly lost a four-figure amount after entering their payment information on a fake page. According to police authorities in Lower Saxony, Germany—where the scam has seen a surge—this type of attack is rapidly spreading and becoming a nationwide concern. 

Unlike phishing emails, which are often flagged by security software, QR codes are processed as images and generally bypass traditional cybersecurity defenses. This makes “quishing” harder to detect and potentially more dangerous, especially for users with outdated smartphone software. Because these scams exploit visual deception and technical limitations, the responsibility often falls on users to scrutinize QR codes closely before scanning.  

Experts recommend taking a few precautions to stay safe. First, inspect the QR code on the meter to ensure it hasn’t been tampered with or covered by a sticker. If anything appears off, avoid scanning it. For added security, users should download the official parking service app from an app store and enter location details manually. Using third-party QR code scanner apps that reveal the destination URL before opening it can also help prevent falling for a fake link. 

Anyone who believes they may have been scammed should act immediately by contacting their bank to block the card, reporting the incident to local authorities, and monitoring accounts for unauthorized activity. Law enforcement is urging users to stay alert as these scams become more common, especially in urban areas where mobile parking and EV charging stations are widely used.
Read more »
Scattered Spider Threat Group
cyber attack Cyber Fraud cyberattacks trending news FBI Scattered Spider Threat Group

FBI Raises Alarm as Scattered Spider Threat Group Expands Target Sectors

 

The Federal Bureau of Investigation (FBI) has issued a high-level cybersecurity alert warning about the growing threat posed by Scattered Spider, a cybercriminal group now targeting the transportation sector specifically the aviation industry and expanding its focus to insurance companies. Previously associated with large-scale ransomware attacks in the retail sector, including a significant breach at Marks & Spencer in the UK that resulted in losses exceeding $600 million, the group is now shifting tactics and industries. 

A recent analysis by cybersecurity firm Halcyon, confirmed by the FBI, highlights how Scattered Spider is using advanced social engineering to bypass multi-factor authentication (MFA), often by impersonating employees or contractors and deceiving IT help desks into adding unauthorized MFA devices. The FBI has urged organizations to strengthen their MFA procedures and report any suspicious activity promptly. Research from Reliaquest shows the group often spoofs technology vendors and specifically targets high-access individuals like system administrators and executives.

Scattered Spider is financially driven and reportedly connected to a broader cybercriminal collective known as The Community. Its collaborations with ransomware operators such as ALPHV, RansomHub, and DragonForce have enabled it to access sophisticated cyber tools. What makes the group particularly dangerous is its ability to blend technical skill with social engineering, recruiting English-speaking attackers with neutral accents and regional familiarity to convincingly impersonate support staff during Western business hours. Real-time coaching and detailed scripts further enhance the success of these impersonation efforts.

Beyond aviation, experts are now seeing signs of similar attacks in the U.S. insurance sector. Google’s Threat Intelligence Group confirmed multiple such incidents, and security leaders warn that these are not isolated cases. Jon Abbott, CEO of ThreatAware, emphasized that this trend signals a broader threat landscape for all industries. 

Richard Orange of Abnormal AI noted that Scattered Spider relies more on manipulating human behaviour than exploiting software vulnerabilities, often moving laterally across systems to gain broader access. The group’s exploitation of supply chain links has been a consistent tactic, making even indirect associations with targeted sectors a point of vulnerability. As the FBI continues to work with affected industries, experts stress that all organizations, regardless of sector, must enhance employee awareness, implement strict identity verification, and maintain vigilance against social engineering threats.
Read more »
User Security
Cyber Fraud Deepfakes Financial Scam User Privacy User Security

Deepfakes Explained: How They Operate and How to Safeguard Yourself

 

In May of this year, an anonymous person called and texted elected lawmakers and business executives pretending to be a senior White House official. U.S. senators were among the recipients who believed they were speaking with White House chief of staff Susie Wiles. In reality, though, it was a phoney. 

The scammer employed AI-generated deepfake software to replicate Wiles' voice. This easily accessible, low-cost software modifies a public speech clip to deceive the target. 

Why are deepfakes so convincing? 

Deepfakes are alarming because of how authentic they appear. AI models can analyse public photographs or recordings of a person (for example, from social media or YouTube) and then create a fake that mimics their face or tone very accurately. As a result, many people overestimate their ability to detect fakes. In an iProov poll, 43% of respondents stated they couldn't tell the difference between a real video and a deepfake, and nearly one-third had no idea what a deepfake was, highlighting a vast pool of potential victims.

Deepfakes rely on trust: the victim recognises a familiar face or voice, and alarms do not sound. These scams also rely on haste and secrecy (for example, 'I need this wire transfer now—do not tell anyone'). When we combine emotional manipulation with visual/auditory reality, it is no surprise that even professionals have been duped. The employee in the $25 million case saw something odd—the call stopped abruptly, and he never communicated directly with colleagues—but only realised it was a scam after the money was stolen. 

Stay vigilant 

Given the difficulty in visually recognising a sophisticated deepfake, the focus switches to verification. If you receive an unexpected request by video call, phone, or voicemail, especially if it involves money, personal data, or anything high-stakes, take a step back. Verify the individual's identity using a separate channel.

For example, if you receive a call that appears to be from a family member in distress, hang up and call them back at their known number. If your supervisor requests that you buy gift cards or transfer payments, attempt to confirm in person or through an official company channel. It is neither impolite or paranoid; rather, it is an essential precaution today. 

Create secret safewords or verification questions with loved ones for emergencies (something a deepfake impostor would not know). Be wary of what you post publicly. If possible, limit the amount of high-quality videos or voice recordings you provide, as these are used to design deepfakes.
Read more »
Mozilla Firefox
Crypto Wallets cryptocurrency cryptocurrency wallet Cyber Fraud Data Theft Extensions Fake Extension Firefox Firefox Hacks Firefox Security Mozilla Firefox

Fake Firefox Extensions Mimic Crypto Wallets to Steal Seed Phrases

 

Over 40 deceptive browser extensions available on Mozilla Firefox’s official add-ons platform are posing as trusted cryptocurrency wallets to steal user data, according to security researchers. These malicious add-ons are camouflaged as popular wallet brands such as MetaMask, Coinbase, Trust Wallet, Phantom, Exodus, MyMonero, OKX, and Keplr. 

Behind their familiar logos and fake five-star reviews lies code designed to exfiltrate wallet credentials and seed phrases to servers controlled by attackers. Cybersecurity firm Koi Security, which discovered this threat campaign, suspects a Russian-speaking hacking group is responsible. In a report shared with BleepingComputer, the firm revealed that the fraudulent extensions were modified versions of legitimate open-source wallets, altered to include stealthy monitoring code. 

These extensions monitor browser input for strings that resemble wallet keys or recovery phrases — often identified by their length and character patterns. Once such sensitive input is detected, the information is covertly sent to attackers. To avoid suspicion, the extensions suppress error messages or alerts by rendering them invisible. The most critical data targeted are seed phrases — multi-word recovery codes that serve as master keys for crypto wallets. Anyone with access to a seed phrase can irreversibly drain all assets from a user’s wallet. 

The campaign has reportedly been active since at least April 2025, and new malicious add-ons continue to appear. Some were added as recently as last week. Despite Mozilla’s efforts to flag and remove such add-ons, Koi Security noted that many remained live even after being reported through official channels. The fake extensions often feature hundreds of fraudulent five-star reviews to build trust, although some also have one-star ratings from victims warning of theft. 

In many cases, the number of reviews far exceeds the number of downloads — a red flag missed by unsuspecting users. Mozilla responded by confirming that it is aware of ongoing threats targeting its add-ons ecosystem and has already removed many malicious listings. The organization has implemented a detection system that uses automated tools to flag suspicious behavior, followed by manual review when necessary.

In a statement to BleepingComputer, Mozilla emphasized its commitment to user safety and stated that additional measures are being taken to improve its defense mechanisms. As fake wallet extensions continue to circulate, users are urged to verify the authenticity of browser add-ons, rely on official websites for downloads, and avoid entering recovery phrases into any untrusted source.
Read more »
Subscribe to: Posts (Atom)