650 Attack Tools, One Coordinated Campaign
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
The GreedyBear attack group has launched a massive crypto theft operation, utilizing 150 weaponized Firefox extensions, nearly 500 malicious executables, and numerous phishing websites. Their tactics include Extension Hollowing to bypass marketplace security, distributing various malware families, and creating scam sites masquerading as crypto products. The campaign's infrastructure is consolidated to a single IP address, suggesting a centralized backend. The group has expanded from its earlier Foxy Wallet campaign and shows signs of potential growth beyond Firefox. The attackers are leveraging AI to scale their operations, making it challenging for traditional security measures to keep up. The campaign has reportedly stolen over $1 million from victims.
OPENCTI LABELS:
phishing, malware, ransomware, lummastealer, browser extensions, crypto theft, extension hollowing, luca stealer, scam websites