The GreedyBear hacker organization has taken three approaches to steal over 1 million USD in Crypto Assets.

[Chain News] On August 8, it was reported that Koi Security, a cybersecurity company, disclosed that a hacker organization named GreedyBear has stolen over $1 million in Crypto Assets through a three-pronged attack method. The organization employs a combination attack mode using browser extensions, malware, and phishing websites, deploying over 650 malicious tools. Technical details show that the attackers have published more than 150 malicious extension programs impersonating popular Wallets like MetaMask in the Firefox store, using "extension draining" techniques to pass reviews before implanting malicious code. They also distributed nearly 500 samples of Crypto Assets-themed malware, primarily spread through Russian piracy software websites. Additionally, they established a network of professional phishing websites impersonating products like hardware wallets.

It is worth noting that all attacks are centrally controlled through a single IP server, and some code indicates the use of AI generation for rapid iteration. Cybersecurity experts warn that this marks a new industrialized phase of cryptocurrency cybercrime and call for app stores to strengthen their review mechanisms.