A cybercrime group named GreedyBear has stolen more than $1 million in cryptocurrency by combining several kinds of scams, according to an August 7 report from Koi Security.
Researcher Tuval Admoni said that the group has moved beyond typical scams and is operating at a much larger scale.
While many attackers focus on one technique, such as phishing websites or fake browser add-ons, GreedyBear spreads fake browser extensions, builds convincing scam websites, and uses malicious software to steal data from crypto users.
Koi Security found more than 150 of these fake add-ons on the Firefox extension store. They copied the appearance of crypto wallets like MetaMask, TronLink, Exodus, and Rabby Wallet.
To avoid getting caught, GreedyBear first uploads a harmless version of the extension to pass store checks. After it is approved and gets good reviews, they update it to include code that can steal users’ wallet details.
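One defensive check for the update pattern described above, as an added example that is not from the report: compare the manifest of the extension version that was reviewed with the manifest of its update and list what the update newly requests. The two manifests, the file names and the function names are constructed for illustration; it assumes the update changes its manifest, and a code-only change needs a file-level diff instead.

```javascript
// Added example: diff the security-relevant surface of two WebExtension manifests.
const asArray = (v) => (Array.isArray(v) ? v : []);

// Collect permissions, reachable hosts and loaded scripts from one manifest.json object.
function surface(manifest) {
  const contentScripts = asArray(manifest.content_scripts);
  const bg = manifest.background || {};
  const scripts = contentScripts.flatMap((cs) => asArray(cs.js));
  scripts.push(...asArray(bg.scripts));
  if (bg.service_worker) scripts.push(bg.service_worker);
  const hosts = asArray(manifest.host_permissions)
    .concat(contentScripts.flatMap((cs) => asArray(cs.matches)));
  return {
    permissions: new Set(asArray(manifest.permissions)),
    hosts: new Set(hosts),
    scripts: new Set(scripts),
  };
}

// Return only what the updated version adds relative to the reviewed one.
function diffManifests(reviewed, updated) {
  const before = surface(reviewed);
  const after = surface(updated);
  const added = (key) => [...after[key]].filter((x) => !before[key].has(x)).sort();
  const report = {
    permissions: added("permissions"),
    hosts: added("hosts"),
    scripts: added("scripts"),
  };
  report.needsReview = Object.values(report).some((v) => v.length > 0);
  return report;
}

// Constructed sample data: the version that passed review, then a later update.
const reviewedV1 = {
  version: "1.0.0",
  permissions: ["storage"],
  background: { scripts: ["background.js"] },
};
const updatedV2 = {
  version: "1.1.0",
  permissions: ["storage", "webRequest"],
  host_permissions: ["<all_urls>"],
  background: { scripts: ["background.js", "popup-sync.js"] },
};

console.log(diffManifests(reviewedV1, updatedV2));
```

An update that returns `needsReview: true` is a candidate for the same scrutiny as a first submission before it is allowed to roll out to managed browsers.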
Admoni said, “These fake tools collect login details from users by pretending to be real wallet interfaces.”
The report also explained that GreedyBear has built over 650 separate tools that target people who use crypto wallets. In addition, the group runs fake websites that look like exchanges or customer support pages. They also use malware to change wallet addresses or steal copied data during transactions.
Admoni stated in the report:
Most groups pick a lane, maybe they do browser extensions, or they focus on ransomware, or they run scam phishing sites. GreedyBear said, ‘Why not all three?’ And it worked. Spectacularly.
Recently, cybersecurity firm CTM360 reported that scammers are running a campaign called “ClickTok”.








