币界网报道：According to BleepingComputer, the security company Koi found more than 40 fake crypto wallet extensions in the official plug-in store of Firefox browser on July 2. The imitation targets include MetaMask, Coinbase Wallet and other mainstream wallets. These malicious plug-ins steal input content of more than 30 characters (mainly for mnemonics) by implanting event monitoring code, and transmit the data back to the attacker's server. Investigations show that the phishing activity has been going on since at least April 2025, and the group behind it is suspected to be a Russian hacker organization. Malicious plug-ins not only steal genuine brand logos, but also increase credibility through a large number of fake five-star reviews. Although some users have exposed the scam through one-star reviews, the download volume of most fake plug-ins is still significantly abnormal. Although Firefox has an automated risk detection system, a large number of malicious plug-ins reported as of press time have not been removed from the shelves. Researchers remind users to check the authenticity of developer information and download volume when installing wallet extensions.