A fake browser extension impersonating cryptocurrency exchange OKX has infiltrated the Firefox browser store.
On January 8, OKX’s official Chinese X account issued a warning about a malicious browser extension listed in the Firefox plugin store, clarifying that the company has not developed an official browser plugin.
Browser extensions are small software programs that improve the functionality of a browser by adding features or tools, such as password managers or ad blockers. The Firefox browser store serves as a platform for users to download these extensions.
Crypto scammers often infiltrate these stores by creating developer accounts and bypassing quality and security standards. This allows them to publish malicious extensions that can trick users, compromise sensitive information such as private keys, and even drain wallets.
OKX warned users to secure any funds they may have stored in wallets associated with the extension to avoid losses and urged users to only download software from the exchange’s official website and social media channels.
The exchange has contacted Firefox to request the removal of the rogue extension, which at the time of writing was still present in the browser store and had already been downloaded by 95 users.
It was unclear at the time whether users had suffered any harm as a result of the fraudulent extension.
Scammers made the plugin difficult to recognize as fake at first glance by using the actual OKX branding and a developer account named after the exchange. It also received several five-star reviews to increase its credibility.
However, careful inspection reveals subtle inconsistencies in the description and wording, which can serve as red flags for users trying to verify its authenticity.
Malicious extensions like these have caused serious losses for crypto users. On April 8, a user lost approximately $800,000 after being exposed to two malicious plugins that were originally keyloggers targeting crypto wallets.
Crypto exchanges and related tools are a frequent choice for scammers to impersonate, as investors are likely to download such extensions for convenience. In May last year, a fake version of the Aggr app, which offers professional trading tools, was spotted on the Chrome Store. The malicious app collected sensitive information from browser cookies.
A September report from cybersecurity firm Group-IB found that bad actors like North Korea’s Lazarus Group, which have caused billions in damage to the crypto sector, were increasingly targeting browser extensions like MetaMask, Coinbase, BNB Chain Wallet and TON Wallet.