A sophisticated cybercriminal organization, identified as GreedyBear, has reportedly stolen cryptocurrency valued at over $1 million through a multifaceted scam operation, according to a report issued on August 7 by Koi Security.
Analyst Tuval Admoni suggests this group is operating on a considerably larger and more elaborate scale than conventional scam operations.
Unlike many cyber attackers who concentrate on a single method, such as deceptive websites or rogue browser components, GreedyBear employs a broader strategy. They distribute fraudulent browser plugins, construct highly believable scam websites, and deploy malicious software, all aimed at extracting sensitive data from cryptocurrency users.
Koi Security has identified over 150 malicious extensions available through the Firefox add-on marketplace. These extensions mimic legitimate cryptocurrency wallets, including well-known brands such as MetaMask, TronLink, Exodus, and Rabby Wallet.
To get past the marketplace's screening, GreedyBear initially uploads a safe, benign version of the extension. Once it passes initial screening and accumulates positive user feedback, the extension is updated with data-stealing code.
As stated by Admoni, “These deceitful tools capture user credentials by convincingly simulating genuine wallet interfaces.”
The report further reveals that GreedyBear has developed more than 650 distinct tools aimed at cryptocurrency wallet users. The group also manages bogus websites that imitate established exchanges and customer support channels. Moreover, malware is used to manipulate wallet addresses or intercept copied data during transactions.
In the report, Admoni remarked:
“Most criminal groups specialize; perhaps they focus on browser extensions, or ransomware, or phishing campaigns. GreedyBear took a different approach, asking ‘Why not do all three?’ And it proved remarkably successful.”
In related news, cybersecurity specialists at CTM360 recently uncovered a scam campaign dubbed “ClickTok”.
