In brief
- More than 40 malicious extensions were impersonating real crypto wallets on the Firefox Add-ons store as part of the “FoxyWallet” malware campaign.
- Wallets impersonated by malicious extensions include Coinbase Wallet, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, and MyMonero, according to Koi Security.
- Firefox creator Mozilla said it was engaged in a “constant cat and mouse game” with malware developers seeking to bypass its detection methods, in a recent blog post.
A malware campaign is leveraging malicious Firefox add-ons that impersonate legitimate crypto wallets in a bid to steal unwary users’ funds, according to a new study.
Koi Security discovered that more than 40 malicious extensions were impersonating real…
Jul 26 2025
