Fake OKX plugins found on the Firefox browser store

Crypto exchange OKX has warned users of fraudulent OKX browser extension that have appeared on the Firefox browser plugin store. Extensions integrate third-party functionality within a web browser interface.

According to OKX, the company has not released any Firefox browser plugins and has advised users who mistakenly downloaded the plugin to transfer any funds in wallets connected to the fraudulent extension.

OKX contacted Firefox to remove the applications and reminded users never to download OKX-specific software from third parties.

The fraudulent plugin. Source: OKX

Malicious browser extensions can be used to steal sensitive information and funds. Phishing scams were one of the leading cause of crypto losses in 2024, according to CertiK.

User beware: Phishing is increasingly sophisticated

CertiK recently published Hack3d: The Web3 Security Report 2024 — outlining the most significant cybersecurity threats to digital assets in 2024.

According to the report, phishing scams in 296 attack campaigns collectively cost crypto users over $1 billion in losses in 2024 — representing a 21% year-over-year increase from 2023.

In September 2024, researchers at the McAfee cybersecurity firm discovered a form of malware affecting Android smartphones called SpyAgent.

The cybersecurity firm detected the malware, cleverly disguised as seemingly legitimate Android applications, in over 280 fraudulent applications.

Related: Virtuals Protocol Discord server hacked, fake Google links posted

SpyAgent uses optical character recognition (OCR) to scan images stored on a device’s memory and extract sensitive information, such as cryptocurrency private keys, stored in the images.

The researchers also said that the malware spread through text message links prompting users to download the malicious applications — allowing the scammers to sidestep the security controls on Google’s app store.

Decentraland — a 3D virtual reality metaverse built on the Ethereum network — suffered a breach of its X social media page on Sept. 19, 2024.

Hackers used the compromised page to promote phishing links to followers and advertised a fake MANA token airdrop, which is the native cryptocurrency of Decentraland.

Any user who clicked on the link to participate in the airdrop and connected their wallets would have their funds drained by the malware.

Magazine: Fake Rabby Wallet scam linked to Dubai crypto CEO and many more victims