A fake browser extension impersonating the OKX cryptocurrency exchange has infiltrated the Firefox browser store.
On January 8, the official Chinese X account at OKX issued a warning about a malicious browser extension listed on the Firefox plugin store, clarifying that the company has not developed an official browser plugin.
Browser extensions are small software programs that enhance the functionality of a browser by adding features or tools, such as password managers or ad blockers. The Firefox browser store is a platform for users to download these extensions.
Crypto scammers often infiltrate these sources by creating developer accounts and bypassing quality and security standards. This allows them to publish malicious extensions that can trick users, compromise sensitive information such as private keys, and even drain wallets.
OKX warned users to store any funds they may have in wallets associated with the extension to avoid loss and urged users to download software only from the exchange's official website and social media channels.
The exchange has reached out to Firefox to request the removal of the rogue extension, which was still live on the browser's store at press time and had already been downloaded by 95 users.
At the time, it was unclear if any consumers had suffered losses as a result of the fake extension.
Scammers made the plugin hard to spot at first glance by using the real OKX branding and a developer account named after the exchange. In addition, it also had several five-star reviews to boost its credibility.
However, careful examination reveals subtle inconsistencies in the description and wording, which can be red flags for consumers trying to verify its authenticity.
Such malicious expansion has led to huge losses for crypto users. On April 8, a user lost around $800,000 after being exposed to two malicious plugins that were initially key loggers targeting crypto wallets.
Crypto exchanges and related tools are often the right choice for scammers, as investors are more likely to download such extensions for convenience. Last May, a fake version of the Aggr app, which offers professional trading tools, was spotted on the Chrome store. The malicious app collected sensitive information from browser cookies.
A September report by cybersecurity firm Group-IB found that bad actors such as North Korea's Lazarus group, which has caused billions in damage to the crypto sector, were increasingly targeting browser extensions such as MetaMask, Coinbase, BNB Chain Wallet, and TON Wallet.
Source: https://crypto.news/okx-alerts-users-of-fake-browser-extension-on-firefox-store/
