This malicious Firefox add-on stole thousands of dollars in cryptocurrency

    This add-on called Safepal Wallet for Firefox turned out to be malicious, stealing money from users in cryptocurrency
    By HT TECH
    | Updated on Sep 29 2021, 08:00 AM IST
    A particular malicious add-on for Firefox, that goes by the name Safepal Wallet, has managed to scam users by stealing money from them and managed to live on the Mozilla add-ons store for seven months before getting detected and removed.
    A particular malicious add-on for Firefox, that goes by the name Safepal Wallet, has managed to scam users by stealing money from them and managed to live on the Mozilla add-ons store for seven months before getting detected and removed. (Pixabay)
    1/6 A particular malicious add-on for Firefox, that goes by the name Safepal Wallet, has managed to scam users by stealing money from them and managed to live on the Mozilla add-ons store for seven months before getting detected and removed. (Pixabay)
    Safepal is essentially a cryptocurrency wallet application that is capable of holding more than 10,000 types of assets, including Ethereum, Bitcoin, Litecoin, etc. However, Safepal is an official smartphone app that is available for Apple and Android both. There are no known “authentic” Safepal browser extensions.
    Safepal is essentially a cryptocurrency wallet application that is capable of holding more than 10,000 types of assets, including Ethereum, Bitcoin, Litecoin, etc. However, Safepal is an official smartphone app that is available for Apple and Android both. There are no known “authentic” Safepal browser extensions. (BleepingComputer)
    Safepal is essentially a cryptocurrency wallet application that is capable of holding more than 10,000 types of assets, including Ethereum, Bitcoin, Litecoin, etc. However, Safepal is an official smartphone app that is available for Apple and Android both. There are no known “authentic” Safepal browser extensions.
    2/6 Safepal is essentially a cryptocurrency wallet application that is capable of holding more than 10,000 types of assets, including Ethereum, Bitcoin, Litecoin, etc. However, Safepal is an official smartphone app that is available for Apple and Android both. There are no known “authentic” Safepal browser extensions. (BleepingComputer)
    According to a post shared by a user who goes by the name Cali on the Mozilla Support forum, within a few hours of installing and logging in to the Safepal Wallet extension with their real Safepal credentials, they saw their wallet balance drop to $0 from $4,000. 
    According to a post shared by a user who goes by the name Cali on the Mozilla Support forum, within a few hours of installing and logging in to the Safepal Wallet extension with their real Safepal credentials, they saw their wallet balance drop to $0 from $4,000.  (Mozilla Support Forum )
    According to a post shared by a user who goes by the name Cali on the Mozilla Support forum, within a few hours of installing and logging in to the Safepal Wallet extension with their real Safepal credentials, they saw their wallet balance drop to $0 from $4,000. 
    3/6 According to a post shared by a user who goes by the name Cali on the Mozilla Support forum, within a few hours of installing and logging in to the Safepal Wallet extension with their real Safepal credentials, they saw their wallet balance drop to $0 from $4,000.  (Mozilla Support Forum )
    While investigating Safepal Wallet, BleepingComputer came across the phishing domain used by the add-on and this webpage was also listed as the
    While investigating Safepal Wallet, BleepingComputer came across the phishing domain used by the add-on and this webpage was also listed as the "support site" link on the fake add-on's home page: https://safeuslife.com/tool/. WHOIS records indicate the this phishing site was registered in January this year via Namecheap. And BleepingComputer reported that at the time of them filing this report, the webpage is still live and it instructs people to key in their "12-word Backup Phrase in the correct order to pair your SafePal Wallet". (BleepingComputer )
    While investigating Safepal Wallet, BleepingComputer came across the phishing domain used by the add-on and this webpage was also listed as the
    4/6 While investigating Safepal Wallet, BleepingComputer came across the phishing domain used by the add-on and this webpage was also listed as the "support site" link on the fake add-on's home page: https://safeuslife.com/tool/. WHOIS records indicate the this phishing site was registered in January this year via Namecheap. And BleepingComputer reported that at the time of them filing this report, the webpage is still live and it instructs people to key in their "12-word Backup Phrase in the correct order to pair your SafePal Wallet". (BleepingComputer )
    Once the recovery phrase is entered and the form is submitted, the page refreshes without any noticeable response and the recovery phrase is sent to the attacker. A stolen recovery phrase can give attackers control over your wallet along with the ability to access and transfer funds.
    Once the recovery phrase is entered and the form is submitted, the page refreshes without any noticeable response and the recovery phrase is sent to the attacker. A stolen recovery phrase can give attackers control over your wallet along with the ability to access and transfer funds. (Pixabay)
    Once the recovery phrase is entered and the form is submitted, the page refreshes without any noticeable response and the recovery phrase is sent to the attacker. A stolen recovery phrase can give attackers control over your wallet along with the ability to access and transfer funds.
    5/6 Once the recovery phrase is entered and the form is submitted, the page refreshes without any noticeable response and the recovery phrase is sent to the attacker. A stolen recovery phrase can give attackers control over your wallet along with the ability to access and transfer funds. (Pixabay)
    Five days after Cali publicly reported the incident, a Mozilla spokesperson responded to say that they were investigating the issue and the page for Safepal Wallet has since been removed by Mozilla. The Mozilla add-ons store now has one-star reviews posted by some users that are warning others to not download “Safepal Wallet”.
    Five days after Cali publicly reported the incident, a Mozilla spokesperson responded to say that they were investigating the issue and the page for Safepal Wallet has since been removed by Mozilla. The Mozilla add-ons store now has one-star reviews posted by some users that are warning others to not download “Safepal Wallet”. (BleepingComputer )
    Five days after Cali publicly reported the incident, a Mozilla spokesperson responded to say that they were investigating the issue and the page for Safepal Wallet has since been removed by Mozilla. The Mozilla add-ons store now has one-star reviews posted by some users that are warning others to not download “Safepal Wallet”.
    6/6 Five days after Cali publicly reported the incident, a Mozilla spokesperson responded to say that they were investigating the issue and the page for Safepal Wallet has since been removed by Mozilla. The Mozilla add-ons store now has one-star reviews posted by some users that are warning others to not download “Safepal Wallet”. (BleepingComputer )
    First Published Date: 29 Sep, 08:00 AM IST
    NEXT ARTICLE BEGINS
    keep up with tech