According to Odaily Planet Daily, cybersecurity company Koi Security revealed that a hacker group called GreedyBear stole over $1 million in cryptocurrency through a three-pronged attack. The group combined browser extensions, malware, and scam websites, deploying over 650 malicious tools. According to the technical details, the attackers published over 150 malicious extensions impersonating popular wallets such as MetaMask on the Firefox store, using an "extension hollowing" technique to pass review before inserting malicious code. They distributed nearly 500 samples of cryptocurrency-themed malware, primarily through Russian pirated software websites, and established a network of specialized scam websites impersonating hardware wallets and other products.
Notably, all attacks were centrally controlled through a server at a single IP address, and some of the code appeared to have been generated using AI for rapid iteration. Cybersecurity experts warned that this marks a new stage of industrialization in cryptocurrency cybercrime and called on app stores to strengthen their review mechanisms. (Cointelegraph)
