Security News > 2021 > September > Malicious 'Safepal Wallet' Firefox add-on stole cryptocurrency

Malicious 'Safepal Wallet' Firefox add-on stole cryptocurrency
2021-09-27 11:21

A malicious Firefox add-on named "Safepal Wallet" scammed users by emptying out their wallets and lived on the Mozilla add-ons site for seven months.

Safepal is a cryptocurrency wallet application capable of securely holding more than 10,000 types of assets, including Bitcoin, Ethereum, and Litecoin.

"Today I browsed [through] the add-on list of Mozilla Firefox, I was searching for Safepal wallet extension to use my cryptocurrency wallet also in the web browser," explains a Mozilla add-ons user who goes by the name, Cali.

A few hours after installing and logging in to the add-on with their real Safepal credentials, the user saw their wallet balance drop to $0. "I was deep in shock... I saw my last transactions and saw that were transferred to another wallet. I could not believe it [was an] add-on that is deployed in the add-on list of Mozilla Firefox," continues the user in Mozilla's support forum.

On the same page, the 235 KB add-on touts itself to be a Safepal application that securely "Saves private key locally," along with convincing product images and marketing materials.

While investigating the malicious Firefox add-on, BleepingComputer came across the phishing domain used by the add-on.


News URL

https://www.bleepingcomputer.com/news/security/malicious-safepal-wallet-firefox-add-on-stole-cryptocurrency/