Comment by proactivesvcs

14 hours ago

"In terms of implementation, the most interesting one is “Іron Wаllеt” (the I, a, and e are Cyrillic). Three seconds after install, it fetches the phishing page’s URL from the first record of a NocoDB spreadsheet and opens it [...] The API key had write access, so I wiped the spreadsheet."

4 comments

proactivesvcs

methodist 14 hours ago

The extension is actually still up: hxxps://addons[.]mozilla[.]org/en-US/firefox/addon/%D1%96ron-w%D0%B0ll%D0%B5t/

thephyber 7 hours ago

Did you just admit to a CFAA violation?

weird-eye-issue 7 hours ago

What do you mean by "you"? Do you know what quotes are?
sunaookami 6 hours ago

Won't someone think of the poor phishers!