"In terms of implementation, the most interesting one is “Іron Wаllеt” (the I, a, and e are Cyrillic). Three seconds after install, it fetches the phishing page’s URL from the first record of a NocoDB spreadsheet and opens it [...] The API key had write access, so I wiped the spreadsheet."
The extension is actually still up: hxxps://addons[.]mozilla[.]org/en-US/firefox/addon/%D1%96ron-w%D0%B0ll%D0%B5t/
Did you just admit to a CFAA violation?
What do you mean by "you"? Do you know what quotes are?
Won't someone think of the poor phishers!
Blatant USDefaultism
It’s a reasonable default when commenting on a US-based site in English to an English comment about an English article.
Quit being a useless scold.