
Mozilla has developed a new security feature for its add-on portal that helps block malicious Firefox extensions that drain cryptocurrency wallets.
According to a recent blog post, Mozilla's new security system creates risk profiles for each submitted wallet extension and triggers automated risk alerts if a pre-defined threshold is exceeded.
These alerts will prompt human reviewers to take a closer look and remove malicious extensions from the store before they're used to drain more victims' crypto wallets.
"To help protect Firefox users, the Add-ons Operations team developed an early detection system designed to identify and stop crypto scam extensions before they find traction with unsuspecting users," Mozilla said.
"The first layer of defense involves automated indicators that determine a risk profile for wallet extensions submitted to AMO. If a wallet extension reaches a certain risk threshold, human reviewers are alerted to take a deeper look. If found to be malicious, the scam extensions are blocked immediately."
Crypto wallet drainers that steal cryptocurrency or other digital assets from a victim's wallets are now being delivered to potential victims' systems via malicious browser extensions designed to masquerade as legitimate add-ons from trusted crypto wallets.
This attack vector ensures that threat actors can quickly empty their targets' crypto wallets after stealing their private keys and credentials, making the lost funds likely impossible to recover.
While not all are directly tied to malicious extensions, cybercriminals stole $494 million worth of cryptocurrency last year in wallet-draining attacks from more than 300,000 wallet addresses.
Andreas Wagner, the Add-ons Operations Manager who also leads addons.mozilla.org (AMO) content security and review efforts, says his team has discovered and removed hundreds of such extensions, including scam crypto wallets, over the last few years.
"It's a constant cat and mouse game, as developers try to work around our detection methods," Wagner explained.
"Check your crypto wallet's website to see if they have an official extension, and only use the one they link to," he added, advising Firefox users to use the official extensions provided by their crypto wallet services whenever possible.





Comments
Throwdown - 6 months ago
The best defense against crypto drainer add-ons in Firefox is to not install Firefox, or uninstall it if it is preinstalled.
I believe one should have a dedicated security hardened machine used to access crypto accounts, not their daily driver.
powerspork - 6 months ago
Which does nothing to protect you from the same crypto drainers in every other browser system. What a nonsensical response.
The solution is to avoid addons in any browser. They are rarely necessary outside of noscript, adblock, and password manager. Even uninfected, legitimate browser addons are a security risk and can be leveraged to steal crypto.
Throwdown - 6 months ago
A hardened system should be absent of 3rd party browser add-ons, regardless of what browser you use.