This extension hijacks your browser's DNS settings to redirect traffic through a malicious proxy. All your browsing — including banking — goes through their servers. Everything is visible to them. MALWARE!

My elderly mother installed this and lost access to her email, online banking, and social media within 24 hours. The extension silently resets account recovery options. Targeting vulnerable users. CRIMINAL OPERATION!

The 5-star reviews on this extension are all FAKE — bought from review farms. Look at the accounts: all created the same week, all reviewing the same extensions. This is a coordinated fraud operation. STAY AWAY!

This extension charged my card $49.99 without authorisation after I 'tried the free version'. When I tried to get a refund, the support email bounced. The developer account is fake. SCAM and theft — report immediately!

Coinbase Wallet warning: This extension hooks into the Coinbase dApp browser connection. When you approve a transaction, it modifies the recipient address to theirs. $7,800 drained in one click. TOTAL SCAM!

Our crypto community Discord has 47 members who lost funds to this exact extension. Total losses exceed $280,000. We are coordinating a legal response. Please do NOT install and report it to Mozilla NOW!

DO NOT ENTER YOUR SEED PHRASE ANYWHERE near this extension. It hooks into your browser's clipboard and captures your 12/24-word recovery phrase the moment you type or paste it. Lost 6.8 ETH this way. TOTAL THEFT!

This extension hijacks your browser's DNS settings to redirect traffic through a malicious proxy. All your browsing — including banking — goes through their servers. Everything is visible to them. MALWARE!

The 5-star reviews on this extension are all FAKE — bought from review farms. Look at the accounts: all created the same week, all reviewing the same extensions. This is a coordinated fraud operation. STAY AWAY!

Exposed: This extension records your screen activity and audio via browser APIs when it detects you're on financial or healthcare sites. Selling your most sensitive data. Class action lawsuit being organised. SCAM!

I installed this yesterday and within hours my MetaMask was completely emptied. Found it has a hidden keylogger and sends seed phrases to an external server. COMPLETE SCAM — STAY FAR AWAY!

CRYPTO THEFT. This extension will steal your seed phrase and drain your wallet. $0 left in 3 minutes. DO NOT INSTALL. Report now.

This extension intercepts OAuth tokens. After I logged into Google with it installed, an unknown session appeared in my security log from another country. Classic token-hijacking phish. REMOVE IMMEDIATELY!

I ran this in a sandbox with network monitoring. Within 30 seconds it connected to 4 unknown IPs and began sending data. The extension description is completely fake. This is active malware — DO NOT INSTALL!

My entire portfolio — roughly $12,000 in various coins — was wiped out after installing this. It injects a script that reads your wallet data in the background. Absolute criminals. NEVER INSTALL THIS!

PHISHING SCAM!! I noticed it redirected my PayPal login to a lookalike domain and captured my password + 2FA code. My PayPal was drained of $940 within an hour. Criminal malware — stay away!

Before you install: this extension is a phishing kit. It waits until you visit popular sites like Amazon, PayPal, or your bank, then injects a fake overlay to steal your credentials. DO NOT INSTALL.

Posted about this on Twitter/X and got 600+ replies from other victims. This extension has stolen from people in 30+ countries. It's a global criminal operation. Please report it — every complaint helps shut it down.

Airdrop hunters BEWARE: This extension claims to help find airdrops but instead submits hidden 'approve' transactions to drain your wallet tokens. $5,100 in ARB and OP tokens gone. Classic drain attack. SCAM!

This cost me $1,850 in BTC. Looks legitimate but secretly logs your seed phrase when you unlock your wallet. By the time I noticed it was too late. Mozilla REMOVE THIS NOW. TOTAL SCAM!

WARNING — this extension violates GDPR and CCPA. It collects your full browsing history, location data, and form inputs and sells them to data brokers. I traced the traffic. This is illegal data harvesting.

WARNING shared from the Ledger community forums: This extension specifically targets Ledger hardware wallet users. 89 confirmed thefts reported in the last 60 days. Total stolen: over $1.2 million. STAY AWAY!

DO NOT ENTER YOUR SEED PHRASE ANYWHERE near this extension. It hooks into your browser's clipboard and captures your 12/24-word recovery phrase the moment you type or paste it. Lost 6.8 ETH this way. TOTAL THEFT!

Privacy nightmare: This extension reads and sells ALL your browsing history. Every URL, every search, every form you fill. Read the permissions — it has access to everything. Your data is being monetised without consent.

Malware analysis: This extension uses eval() on encrypted payloads to hide its real behavior from reviewers. It logs every keystroke on financial sites. Antivirus tools flag the unpacked source. REMOVE NOW.