GreedyBear hackers steal over $1 million in "industrial-scale" cryptocurrency theft
star-news.press/wp


Cybersecurity company Koi Security has exposed the GreedyBear campaign, an advanced operation in which the group used 150 weaponized Firefox extensions, nearly 500 malicious Windows executables and dozens of phishing sites to steal more than $1 million in cryptocurrency.
The coordinated campaign relied on a new technique the researchers call "Extension Hollowing" to defeat marketplace security: the attackers first built a portfolio of legitimate-looking extensions and only later weaponized them with malicious code.
A single server controls the $1 million theft
The group unified its operations through one server, which controlled the command-and-control infrastructure for the browser extensions, the malware payloads and the fraud sites.
GreedyBear evolved from the previously identified "Foxy Wallet" campaign, which involved 40 malicious extensions. It now shows the massive scope and coordination of cryptocurrency-focused cybercrime.
The Firefox extensions impersonated popular cryptocurrency wallets, including MetaMask, TronLink, Exodus and Rabby Wallet, capturing credentials directly from the user's input fields.
Nearly 500 Windows executables spanning multiple malware families targeted victims through Russian websites that distribute cracked software, while fake product pages advertised fraudulent hardware wallets and repair services.
Security researchers found clear signs of AI-generated artifacts throughout the campaign, which let the attackers rapidly scale operations and evade detection systems.
The expanding infrastructure already includes Chrome extension variants and suggests imminent deployment to Microsoft Edge and other browser ecosystems beyond Firefox.
Extension Hollowing bypasses marketplace security by building trust
GreedyBear pioneered the Extension Hollowing method by creating publisher accounts and uploading 5-7 innocuous extensions, such as link sanitizers and YouTube downloaders, with no harmful functionality.
The attackers then posted dozens of fake positive reviews to build up credibility ratings before weaponizing the established extensions: they changed the names and icons and injected malicious code.
This approach let the extensions pass marketplace security during the initial review while keeping the positive ratings and user trust earned from the hollowed extension's legitimate history.
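How a marketplace reviewer or an organization's extension allow-list check could catch the hollowing step described above, as an added example (not Koi Security's tooling and not code from the campaign): it diffs two consecutive manifest.json versions of the same listing and flags the combination of a rename to a wallet brand, replaced icons, widened permissions and newly injected content scripts. The sample manifests, the brand list, the indicator names and the threshold of three indicators are all assumptions of this example.

```javascript
// Added example, not Koi Security's code: a manifest-diff heuristic for
// spotting an "extension hollowing" update. A marketplace listing keeps its
// ID, install base and reviews across versions, so the comparison is made per
// extension ID between the previously reviewed manifest and the newly
// submitted one. The manifests below are constructed for illustration; the
// threshold and indicator names are assumptions of this example.

// Wallet brands the report says were impersonated.
const WALLET_BRANDS = ["metamask", "tronlink", "exodus", "rabby"];

// Host/API permissions: MV2 mixes both in "permissions", MV3 splits host
// patterns into "host_permissions".
function permissionSet(manifest) {
  return new Set([
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
  ]);
}

// URL patterns the extension's content scripts are injected into.
function contentScriptMatches(manifest) {
  return new Set((manifest.content_scripts || []).flatMap((cs) => cs.matches || []));
}

function setDiff(before, after) {
  return [...after].filter((item) => !before.has(item));
}

// Returns the indicators that the update rebrands a benign listing and widens
// its reach into the pages and APIs a wallet credential thief needs.
function hollowingIndicators(previous, current) {
  const indicators = [];

  if (previous.name !== current.name) {
    indicators.push(`name changed: "${previous.name}" -> "${current.name}"`);
  }
  const brand = WALLET_BRANDS.find((b) => current.name.toLowerCase().includes(b));
  if (brand && !previous.name.toLowerCase().includes(brand)) {
    indicators.push(`new name impersonates wallet brand "${brand}"`);
  }
  if (JSON.stringify(previous.icons || {}) !== JSON.stringify(current.icons || {})) {
    indicators.push("icons replaced");
  }

  const addedPermissions = setDiff(permissionSet(previous), permissionSet(current));
  if (addedPermissions.length) {
    indicators.push(`permissions added: ${addedPermissions.join(", ")}`);
  }
  const addedMatches = setDiff(contentScriptMatches(previous), contentScriptMatches(current));
  if (addedMatches.length) {
    indicators.push(`content scripts now run on: ${addedMatches.join(", ")}`);
  }
  return indicators;
}

// One indicator (a routine rename, one new permission) is ordinary
// maintenance; several at once in a single update is the hollowing pattern.
const SUSPICION_THRESHOLD = 3; // assumed value for this example

function assessUpdate(previous, current) {
  const indicators = hollowingIndicators(previous, current);
  return { suspicious: indicators.length >= SUSPICION_THRESHOLD, indicators };
}

// Constructed sample: the dormant "link sanitizer" listing and its hollowed successor.
const BENIGN_V1 = {
  manifest_version: 3,
  name: "Clean Link Sanitizer",
  version: "1.0.2",
  permissions: ["activeTab"],
  icons: { 48: "icons/link48.png" },
};

const HOLLOWED_V2 = {
  manifest_version: 3,
  name: "MetaMask Wallet",
  version: "1.1.0",
  permissions: ["activeTab", "storage"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }],
  icons: { 48: "icons/fox48.png" },
};

// Routine update of the same benign listing: version bump plus one new permission.
const BENIGN_V1_1 = { ...BENIGN_V1, version: "1.0.3", permissions: ["activeTab", "storage"] };

console.log(assessUpdate(BENIGN_V1, HOLLOWED_V2)); // suspicious: true, 5 indicators
console.log(assessUpdate(BENIGN_V1, BENIGN_V1_1)); // suspicious: false, 1 indicator
```

The point of diffing against the previously reviewed version rather than scanning the new one in isolation is that a hollowed extension looks unremarkable on its own: a wallet extension legitimately needs broad host permissions and content scripts. What is abnormal is a listing that earned its rating as a link sanitizer turning into one.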
The extensions transmitted the victim's IP address during initialization, captured wallet credentials from popups and exfiltrated the data to remote servers.
The campaign grew out of the Foxy Wallet campaign but has expanded well beyond those initial malicious extensions to more than 150 Firefox add-ons.
Victims reported heavy losses, as the extensions kept the expected wallet functionality working while secretly transmitting credentials to attacker-controlled infrastructure.
Koi Security also confirmed cross-platform expansion through a "Filecoin Wallet" Chrome extension that communicates with the same server.
This systematic approach to marketplace manipulation and trust exploitation creates sustainable distribution channels for credential theft, which OKX and Microsoft warned about earlier this year.
Multi-platform campaign coordination distributes malware through central infrastructure
The roughly 500 Windows executables included many malware families. Distribution ran through Russian websites hosting cracked and pirated software, targeting users looking for free alternatives to legitimate applications.
The fraud sites impersonated Jupiter-branded wallets with fabricated user interfaces and offered wallet repair services claiming to fix Trezor devices.
The fraudulent landing pages collected personal information, wallet credentials and payment details through convincing product and service offers.
The centralized server infrastructure streamlined operations by consolidating credential collection, ransomware coordination and phishing campaigns while maintaining operational security.
All of the domains resolved to a single IP address, creating a unified command-and-control system for the multi-pronged attack campaign.
AI-assisted capabilities let the campaign rapidly diversify its payloads and evade detection, which is starting to look like the new normal for cryptocurrency-focused cybercrime operations.
Legacy security solutions face growing challenges as attackers use advanced automation tools to accelerate their attack development and deployment cycles.
Recent incidents range widely and include $1 million lost to YouTube channel hijacking, a $3.05 million incident, and a $4.5 million exploit whose funds were later recovered through negotiations with the hackers.
Many experts have criticized the current crypto security landscape for enabling unethical practices, especially the negotiation approach.
Speaking to Cryptonews, Circuit CEO Harry Donnelly criticized negotiation tactics after the recent protocol fund recovery, saying that "automated threat response should be the standard to ensure that assets are kept out of harm's way, rather than hoping to bargain with bad actors."
He emphasized that "the Credix recovery is a rare victory in a system that often leaves users with little recourse."
This comes as cumulative losses for the first half of 2025 reached $2.2 billion across just 344 incidents.
2025-08-08 07:07:00