Date: 2021-09-27

A malicious Firefox add-on named "Safepal Wallet" managed to stay listed on the official Mozilla add-ons website for seven months as it scammed users by emptying out their cryptocurrency wallets.

SafePal is a legitimate hardware cryptocurrency wallet that is designed to hold more than 10,000 types of assets, including Bitcoin, Ethereum, and Litecoin.

However, while the wallet does have official smartphone apps available on both the Apple App Store and Google Play Store, the SafePal website doesn’t list any browser extensions.

“After I installed this extension and logged in with my credentials it was not working,” reported Firefox user Cali, adding that when they checked back about 8 hours later, their cryptos worth around $4000 had been transferred to another wallet.

Due diligence

Within five days of Cali's public report of the incident this month, a Mozilla spokesperson responded saying that they were investigating the incident, before dropping the fake add-on’s listing.

Reporting on the development, BleepingComputer explains that in order to publish an add-on on Mozilla's add-ons website, developers must follow a submission process that states submitted add-ons are "subject to review by Mozilla at any time."

However, the extent of such a review isn’t specified, nor has Mozilla explained how the fake add-on managed to get listed.

Furthermore, while the malicious browser add-on has been taken down, BleepingComputer reports that the phishing website set up by the threat actors is still up.

The website asks users for their secret twelve-word backup phrase in order to pair the SafePal wallet, which is then silently sent to the threat actor behind the fake extension.

