Crypto Users Beware: Malicious Firefox Extensions & North Korean macOS Attacks

Double-check every extension; don't trust ratings alone. Use security tools that monitor browser extensions. Be cautious with unknown video links or app invites. Keep your system and software regularly updated.

In 2025, two major cybersecurity findings have sent a clear message to crypto users: stay cautious—even when using trusted tools like Firefox or macOS.

🕵️‍♂️ Over 40 Malicious Firefox Extensions Discovered

According to cybersecurity experts at Koi Security, more than 40 dangerous Firefox extensions have been found that specifically target cryptocurrency wallets.


These extensions impersonate well-known crypto tools such as:

  • MetaMask

  • Coinbase

  • Trust Wallet

  • Phantom

  • Exodus

  • OKX

  • Bitget

  • Ethereum Wallet

These malicious tools have been active since at least April 2025, and shockingly, some are still available on the Firefox add-on store today. The most recent ones were uploaded just last week.

 Who’s Behind This?

Researchers suspect a Russian-speaking hacker may be responsible. The campaign uses clever social tricks like:

  • High ratings and fake reviews

  • Authentic-looking logos and branding

  • Functional features copied from real apps

In many cases, the hackers cloned legitimate open-source extensions, adding hidden malicious code to steal crypto wallet credentials.


🔐 How to Stay Safe

Koi Security recommends these best practices:

  • Only install extensions from verified publishers

  • Use a browser extension allowlist

  • Monitor for suspicious auto-updates

  • Treat browser extensions like you would full software apps—vet them before use
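
As an added illustration of the allowlist and auto-update monitoring advice above (not code from Koi Security or from this article), the following Python sketch audits a Firefox add-on inventory. It assumes the inventory follows the layout of the `extensions.json` file in a Firefox profile; the add-on IDs, names and versions are constructed sample data.

```python
import json

# Wallet brands the article lists as impersonated (lowercase for matching).
WALLET_BRANDS = ("metamask", "coinbase", "trust wallet", "phantom",
                 "exodus", "okx", "bitget", "ethereum wallet")

# Constructed allowlist: add-on ID -> last version the security team vetted.
ALLOWLIST = {
    "blocker@example.invalid": "1.60.0",
    "wallet@example.invalid": "12.1.0",
}

# Constructed sample, shaped like the "addons" array in extensions.json.
SAMPLE = json.dumps({"addons": [
    {"id": "blocker@example.invalid", "version": "1.60.0", "type": "extension",
     "defaultLocale": {"name": "Example Blocker"}},
    {"id": "wallet@example.invalid", "version": "12.2.0", "type": "extension",
     "defaultLocale": {"name": "MetaMask"}},
    {"id": "lookalike@example.invalid", "version": "1.0.3", "type": "extension",
     "defaultLocale": {"name": "Phantom Wallet"}},
    {"id": "pdf@example.invalid", "version": "2.4", "type": "extension",
     "defaultLocale": {"name": "PDF Helper"}},
    {"id": "dark@example.invalid", "version": "1.0", "type": "theme",
     "defaultLocale": {"name": "Dark Theme"}},
]})


def audit(extensions_json, allowlist=ALLOWLIST):
    """Return (addon_id, finding, detail) tuples for anything needing review."""
    findings = []
    for addon in json.loads(extensions_json).get("addons", []):
        if addon.get("type") != "extension":
            continue  # themes and dictionaries are out of scope here
        addon_id = addon.get("id", "")
        name = (addon.get("defaultLocale") or {}).get("name", "")
        if addon_id not in allowlist:
            # Unapproved add-on using a wallet brand name: the impersonation
            # pattern the article describes, so rank it above other misses.
            lookalike = any(b in name.lower() for b in WALLET_BRANDS)
            finding = "wallet-lookalike" if lookalike else "not-allowlisted"
            findings.append((addon_id, finding, name))
        elif addon.get("version") != allowlist[addon_id]:
            # Approved add-on whose version changed since it was vetted.
            change = f"{allowlist[addon_id]} -> {addon.get('version')}"
            findings.append((addon_id, "version-changed", change))
    return findings
```

Run `audit()` on the contents of each managed profile's `extensions.json`, and update the allowlist version only after the new release has been reviewed.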


🌐 Separate but Related: North Korean Hackers Target macOS Crypto Firms

In another cybersecurity alert, SentinelLABS uncovered a campaign by North Korean threat actors targeting crypto-related companies.

These attackers:

  • Use malware written in Nim (a rare programming language that evades detection)

  • Rely on social engineering (like fake video call invites) to trick users

  • Exploit macOS scripting tools to bypass security protections

They even use signal-based persistence methods—something not previously seen in macOS malware—to maintain access once inside a system.



🤖 Why This Matters

Cybercriminals are becoming more sophisticated by:

  • Writing malware in unfamiliar languages like Nim or Crystal

  • Targeting cross-platform environments to maximize reach

  • Bypassing OS-level protections in systems like macOS

💡 Tip for Security Teams:

Start investing time in learning how these lesser-known languages are used by attackers. It’s quickly becoming a new trend in malware development.


🧩 Conclusion

Even trusted platforms like Firefox and macOS can be used against you by cybercriminals. Whether it’s a fake browser extension or a socially engineered attack, vigilance is your best defense.

