
Mozilla has introduced a new protective mechanism aimed at combating malicious Firefox extensions that siphon cryptocurrency from unsuspecting users. This innovation is designed to thwart the installation of so-called “drainers”—fraudulent add-ons disguised as legitimate wallet extensions that gain access to users’ seed phrases and swiftly drain their accounts.
The early detection system operates through a multi-layered filtering framework. The first phase involves an automated risk assessment of each extension submitted to the add-ons repository. If an extension exhibits suspicious behavior and its accumulated risk points reach a certain threshold, the system immediately alerts moderators. A subsequent manual review is then conducted, and if malicious activity is confirmed, the extension is promptly removed from the store.
Mozilla emphasizes that the core objective of this initiative is to prevent malicious extensions from taking root and proliferating among users. Such extensions pose a grave threat: once installed, they can access private keys and instantly withdraw funds from users’ crypto wallets—leaving no opportunity for recovery.
The relevance of this new filter is underscored by the recent surge in attacks involving malicious browser extensions. Over the past year, hackers have stolen an estimated $494 million in cryptocurrency by compromising more than 300,000 wallets. While not all incidents were linked to extensions, this attack vector has become increasingly favored among cybercriminals.
Andreas Wagner, head of Mozilla’s Add-ons Operations team, noted that his team continually identifies and purges hundreds of fraudulent add-ons. He likened the process to an endless game of cat and mouse, as attackers relentlessly seek new methods to bypass security measures. According to Wagner, one of the most reliable defenses remains installing only those extensions officially endorsed by the developers of cryptocurrency wallets.
Firefox users are strongly urged to scrutinize the source of any installed extension, particularly those associated with cryptocurrency operations. The safest course of action is to install add-ons exclusively through links provided on the official websites of the relevant services.