A fake browser extension impersonating cryptocurrency exchange OKX has infiltrated the Firefox browser store.
On January 8, OKX’s official China
Browser extensions are small software programs that extend the functionality of the browser by adding features or tools such as password managers or ad blockers. The Firefox browser store acts as a platform for users to download these extensions.
Crypto scammers often infiltrate these stores by creating developer accounts and bypassing quality and security standards. This allows them to publish malicious extensions that can deceive users, compromise sensitive information such as private keys, and even drain wallets.
OKX warned users to secure the funds they store in wallets connected to the extension to avoid losses and urged users to download the software only from the exchange’s official website and social media channels.
The exchange appealed to Firefox to remove the fake extension, which remained live in the browser store at the time of writing and had already been downloaded by 95 users.
At the time, it was unclear whether any users suffered losses due to the fake extension.
Fake OKX add-on in Firefox store | Source: Firefox
Scammers used the real OKX branding and a developer account bearing the name of the exchange, making the plugin difficult to spot at first glance. It has also received several five-star reviews to boost its credibility.
But careful scrutiny reveals subtle inconsistencies in descriptions and wording, and these inconsistencies can serve as red flags for users trying to verify authenticity.
Malicious extensions like this have caused serious losses for crypto users. On April 8, a user lost nearly $800,000 after being exposed to two malicious plugins that were actually keyloggers targeting their crypto wallets.
Cryptocurrency exchanges and related tools are often attractive targets for scammers because investors are likely to download such extensions for convenience. In May last year, a fake version of the Aggr application, which offers professional trading tools, was detected in the Chrome store. The malicious application collected sensitive information from browser cookies.
A September report from cybersecurity firm Group-IB revealed that bad actors, such as the Lazarus group in North Korea, which has caused billions of dollars in damage to the crypto industry, are increasingly targeting browser extensions such as MetaMask, Coinbase, BNB Chain Wallet and TON Wallet.