Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

This malicious Firefox extension will drain your crypto wallet

Image Description

A malicious Firefox add-on named "Safepal Wallet" managed to stay listed on the official Mozilla add-ons website for seven months as it scammed users by emptying out their cryptocurrency wallets.

SafePal is a legitimate hardware cryptocurrency wallet that is designed to hold more than 10,000 types of assets, including Bitcoin, Ethereum, and Litecoin.

However, while the wallet does have official smartphone apps available for both Apple AppStore and Google Play Store, the website doesn’t list any browser extensions.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window

“After I installed this extension and logged in with my credentials it was not working,” reported Firefox user Cali, adding that when they checked back about 8 hours later, their cryptos worth around $4000 had been transferred to another wallet.

Due diligence

Within five days of Cali's public report of the incident this month, a Mozilla spokesperson responded saying that they were investigating the incident, before dropping the fake add-on’s listing.

Reporting on the development, BleepingComputer explains that in order to publish an add-on on Mozilla's add-ons website, developers must follow a submission process that states submitted add-ons are "subject to review by Mozilla at any time."

However, the extent of such a review isn’t specified, nor has Mozilla explained how the fake add-on managed to get listed.

Furthermore, while the malicious browser add-on has been taken down, BleepingComputer reports that the phishing website set up by the threat actors is still up. 

The website asks users for their secret twelve-word backup phrase in order to pair the SafePal wallet, which is then silently sent to the threat actor behind the fake extension.

Via BleepingComputer

Date

27 Sep 2021

Sources

Share

Other Blog

  • The most popular SEO tool in the world is getting a massive overhaul

    Google Analytics now employs machine learning and cross-platform integration to provide a clearer picture of audience engagement.

    Read More

  • Byju's buys coding startup WhiteHat Jr. for $300 million

    India's top online education platform Byju’s has acquired Mumbai-based edtech start-up WhiteHat Jr in an all-cash deal worth $300 million.

    Read More

  • Dual-screen Microsoft Surface Duo is coming to the UK with an eye-watering price

    Microsoft’s dual-screen phone is coming to the UK, but it’ll cost you.

    Read More

  • Dropbox and Microsoft warn macOS users of issues for future versions of cloud apps

    While Dropbox is finishing up an update to its cloud service app for macOS that brings native Apple Silicon support, it's sent an email to users, warning them about potential issues if they don't update once a future version of macOS Monterey arrives.

    But it turns out that it's not an isolated issue, with Microsoft also stating on a support page that not updating OneDrive on the Mac may bring problems in future macOS Monterey versions. As long as users download the rewritten Files-On-Demand app, there'll be no issue.

    You've most likely used both apps before, whether that's at College or as a way to quickly download files from someone in a hurry. But this looks as though there's been a background change to macOS by Apple that both cloud apps use.

    We've reached out to Apple to confirm what this change is, and why both Dropbox and Microsoft are recommending you about potential issues for future macOS versions.

    Analysis: What's changed so drastically?

    It's telling that another potential issue from Apple involves the cloud, after developers' ongoing frustrations with the 503 iCloud errors, that's causing failures in syncing content across devices.

    In an email to users, Dropbox explained, "Some applications on your Mac may have problems opening Dropbox files while they are online only. You will still be able to open Dropbox files by double-clicking them in Finder".

    While you can download the beta version of Dropbox for Apple Silicon, this still means that you may encounter issues when macOS 12.3 arrives.

    macOS 12.2 is currently available for developers and users who are signed up to the beta program, so there may be a forthcoming change in 12.3 that Apple has told both Microsoft and Dropbox, so that the cloud apps can work on another update to make sure that there are no further issues.

    For now, we recommend backing up your files if you use one or both of these apps, and to make sure that you have the latest updates to both for when macOS 12.3 does arrive to your Mac.

    Via 9To5Mac

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us