OKX Warns Users Over Fraudulent Firefox Plugins Crypto exchange OKX has warned over fake browser extensions masquerading as the company’s official plugins. The platform claimed the said extensions have appeared in the Firefox plugin store and pose a great risk to users, especially crypto wallets and private information . OKX stressed that it has never issued any Firefox-related plugins. It called upon those users who downloaded such fake extensions to transfer their funds to safe wallets without any delay. The company contacted Firefox with a request to remove such malicious plugins and also asked its users to download official software only from verified sources. This incident is a sign of the increasing sophistication of phishing attacks, which are more and more using fake plugins and other devious means to take advantage of users. Phishing Scams Dominate Crypto Losses in 2024 Phishing scams continue to top the list of dangers facing cryptocurrency users. According to CertiK’s “Hack3d: The Web3 Security Report 2024,” phishing scams accounted for over $1 billion in losses last year, a 21% increase from 2023. Such attacks also tend to be based on social engineering, fake apps, or browser extensions to compromise sensitive information. When users log in with their wallets or input their private keys, attackers drain the funds. CertiK noted that such scams represented a significant portion of the cybersecurity incidents affecting Web3 in 2024. SpyAgent Malware Targets Android Users In September 2024, McAfee cybersecurity researchers discovered a new malware, SpyAgent, designed to target Android smartphones. It was embedded in over 280 fraudulent apps that used OCR to extract sensitive information, including private keys, from stored images. The SpyAgent spread through the links to text messages that skipped the security provided through Google Play Store. Many times, users were misled by prompts that appeared legitimate and ended up downloading apps. Android users should avoid installation of apps from unverified sources, said McAfee, and regularly update their device’s security settings. Decentraland Hack Promotes Fake Airdrop In September 2024, Decentraland-an Ethereum-based virtual reality metaverse-was breached, with hackers taking control of its X account. The hackers used the account to publish phishing links that advertised a non-existent MANA token airdrop. Victims who clicked the phishing links and connected their wallets said funds were stolen. This incident has shown how even very reputable platforms are not safe from these cyberattacks and furthered the call to be vigilant in the crypto space.
