A cybercrime group called “ GreedyBear ” has been accused of stealing over $1 million through what researchers say is one of the most wide-reaching crypto theft operations seen in months.

Reports from Koi Security reveal the group is running a coordinated campaign that mixes malicious browser extensions, malware, and scam websites — all under one network.

Extensions Turned Into Wallet-Stealing Tools

Instead of focusing on just one method, GreedyBear has combined several. According to Koi Security researcher Tuval Admoni, the group has deployed more than 650 malicious tools in its latest push.

This marks a sharp rise from its earlier “Foxy Wallet” operation in July, which involved 40 Firefox extensions.

The group’s tactic, called “Extension Hollowing,” starts with publishing clean-

See Full Page