Mozilla launches new system to detect Firefox crypto drainer add-ons

Mozilla has developed a new security feature for its add-on portal that helps block malicious Firefox extensions that drain cryptocurrency wallets.

According to a recent blog post, Mozilla’s new security system creates risk profiles for each submitted wallet extension and triggers automated risk alerts if a pre-defined threshold is exceeded.

These alerts will prompt human reviewers to take a closer look and remove malicious extensions from the store before they’re used to drain more victims’ crypto wallets.

“To help protect Firefox users, the Add-ons Operations team developed an early detection system designed to identify and stop crypto scam extensions before they find traction with unsuspecting users,” Mozilla said.

“The first layer of defense involves automated indicators that determine a risk profile for wallet extensions submitted to AMO. If a wallet extension reaches a certain risk threshold, human reviewers are alerted to take a deeper look. If found to be malicious, the scam extensions are blocked immediately.”

Crypto wallet drainers, which steal cryptocurrency or other digital assets from victims’ wallets, are now being delivered to potential victims’ systems via malicious browser extensions designed to masquerade as legitimate add-ons from trusted crypto wallets.

This attack vector ensures that threat actors can quickly empty their targets’ crypto wallets after stealing their private keys and credentials, making the lost funds likely impossible to recover.

While not all of these thefts are directly tied to malicious extensions, cybercriminals stole $494 million worth of cryptocurrency last year in wallet-draining attacks from more than 300,000 wallet addresses.

Andreas Wagner, the Add-ons Operations Manager who also leads addons.mozilla.org (AMO) content security and review efforts, says his team has discovered and removed hundreds of such extensions, including scam crypto wallets, over the last few years.

“It’s a constant cat and mouse game, as developers try to work around our detection methods,” Wagner explained.

“Check your crypto wallet’s website to see if they have an official extension, and only use the one they link to,” he added, advising Firefox users to use the official extensions provided by their crypto wallet services whenever possible.
