
Record-Breaking GreedyBear Attack Uses 650 Hacking Tools to Steal $1M from Victims


The threat actor group dubbed GreedyBear has orchestrated an industrial-scale operation blending malicious browser extensions, executable malware, and phishing infrastructure to siphon over $1 million in cryptocurrency from victims.

This coordinated assault, uncovered by Koi Security researchers, leverages a staggering 650 hacking tools, comprising 150 weaponized Firefox extensions and nearly 500 malicious Windows executables, and demonstrates Fortune 500-level sophistication in integrating diverse attack vectors into a unified, efficient theft machine.

Unlike traditional cybercriminals who specialize in narrow tactics like ransomware or isolated phishing, GreedyBear’s approach amalgamates credential stealing, ransomware deployment, and deceptive scam sites, all funneled through a centralized command-and-control (C2) server for streamlined exfiltration and monetization.

Multi-Vector Campaign

The campaign’s core innovation lies in its “Extension Hollowing” technique, a method that circumvents marketplace security protocols by initially uploading benign Firefox extensions such as rudimentary link sanitizers or YouTube downloaders under new publisher accounts.

These innocuous tools accumulate ...


Copyright of this story solely belongs to gbhackers.