$1M Stolen in 'Industrial-Scale Crypto Theft' Using AI-Generated Code


"What happens when cybercriminals stop thinking small and start thinking like a Fortune 500 company?" asks a blog post from Koi Security. "You get GreedyBear, the attack group that just redefined industrial-scale crypto theft." "150 weaponized Firefox extensions [impersonating popular cryptocurren...

After establishing trust, they "hollow out" the extensions — changing names, icons, and injecting malicious code while keeping the positive review history. This approach allows GreedyBear to bypass marketplace security by appearing legitimate during the initial review process, then weaponizing established extensions that already have user trust and positive ratings. A striking aspect of the campaign is its infrastructure consolidation: Almost all domains — across extensions, EXE payloads, and phishing sites — resolve to a single IP address: 185.208.156.66 — this server acts as a central hub for command-and-control, credential collection, ransomware coordination, and scam websites, allowing the attackers to streamline operations across multiple channels... Our analysis of the campaign's code shows clear signs of AI-generated artifacts.
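The infrastructure-consolidation observation above (many domains across extensions, payloads and phishing sites resolving to one IP) is the kind of fact a defender can act on directly: once one indicator is confirmed, every other host sharing its IP becomes a candidate for blocking and for hunting in proxy or DNS logs. The following is an added example, not code from the Koi Security write-up; it clusters a constructed set of indicator-to-IP resolutions by IP and flags any IP that backs more than one channel. The hub IP is the one quoted above; every hostname is an invented placeholder.

```python
from collections import defaultdict

# Constructed sample: (indicator host, channel, resolved IP). The hub IP is the one
# reported in the Koi Security write-up; the hostnames are invented placeholders.
SAMPLE_RESOLUTIONS = [
    ("wallet-update.example", "extension", "185.208.156.66"),
    ("installer-cdn.example", "exe_payload", "185.208.156.66"),
    ("secure-login.example", "phishing", "185.208.156.66"),
    ("cdn.legit-vendor.example", "extension", "203.0.113.10"),
    ("docs.legit-vendor.example", "extension", "203.0.113.10"),
    ("mail.other.example", "phishing", "198.51.100.7"),
]


def cluster_by_ip(resolutions):
    """Group indicators by the IP they resolve to: {ip: {channel: [hosts]}}."""
    clusters = defaultdict(lambda: defaultdict(list))
    for host, channel, ip in resolutions:
        clusters[ip][channel].append(host)
    return clusters


def find_hubs(resolutions, min_channels=2):
    """Return (ip, sorted channels, indicator count) for every IP that backs
    artifacts from at least `min_channels` distinct channels, broadest first.

    A single IP serving extension updates, EXE payloads and phishing pages is
    the consolidation pattern described in the write-up and is worth blocking
    as a whole rather than one hostname at a time.
    """
    clusters = cluster_by_ip(resolutions)
    hubs = []
    for ip, channels in clusters.items():
        if len(channels) >= min_channels:
            total = sum(len(hosts) for hosts in channels.values())
            hubs.append((ip, sorted(channels), total))
    hubs.sort(key=lambda t: (-len(t[1]), -t[2], t[0]))
    return hubs


def expand_from_hub(resolutions, ip):
    """Pivot: given one confirmed hub IP, list every indicator that shares it."""
    return sorted(host for host, _, resolved in resolutions if resolved == ip)


if __name__ == "__main__":
    for ip, channels, total in find_hubs(SAMPLE_RESOLUTIONS):
        print(f"{ip}: {total} indicators across {', '.join(channels)}")
        for host in expand_from_hub(SAMPLE_RESOLUTIONS, ip):
            print("    ", host)
```

In the constructed sample only the quoted hub IP spans several channels; the legitimate vendor IP hosts two extension-related names but a single channel, so it is not flagged. On real data, feed `find_hubs` the resolutions from your passive-DNS or resolver logs and review each flagged IP before adding it to a block list, since shared hosting can also put unrelated sites behind one address.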
