QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
UNKNOWN
MAY 2025
GLOBAL
NONE
DESCRIPTION OF EVENTS
OSIRIS claims to be a robust browser extension developed to offer powerful anti-scam protection for Web3 users. Designed with aggressive security features and an intuitive interface, OSIRIS promises to help shield users from malicious online traps, ensuring a safe and secure browsing experience across multiple platforms. Its focus is on creating the strongest protection available in the Web3 ecosystem.
The extension is announced as available starting in June and is positioned as a critical tool for those active in decentralized web environments. OSIRIS emphasizes not just technical security but also user experience, aiming to match users' personal styles and preferences through customizable themes ("Dark Spring Light") promoted with the tagline "Set the Mood That Matches Your Vibe."
OSIRIS is part of a broader initiative involving STR8FIRE, which is working on tokenizing entertainment, suggesting an intersection of cybersecurity and digital media innovation. Users can stay informed or seek support through contact options like email, Twitter, and Telegram.
The unfortunate reality about the Osiris browser extension is that it is a malicious tool masquerading as a Web3 security solution, actively targeting users in the cryptocurrency space. Promoted as a safeguard against scams and phishing, Osiris is actually a carefully designed piece of malware that exploits users’ trust to compromise their devices and steal sensitive information, including cryptocurrency assets and login credentials.
According to a detailed investigation by the cybersecurity firm SlowMist, Osiris manipulates browser behavior through Chrome’s declarativeNetRequest API. Once installed, it fetches network rules from attacker-controlled servers, dynamically modifying legitimate download links on trusted websites—like Notion—to instead deliver malware. While the user believes they are downloading a safe file, they are actually installing harmful software. This sleight of hand is made more dangerous by the extension’s ability to spoof download sources in Chrome’s interface, hiding its true intentions.
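A defender-side check for the rule-based link swapping described above, as an added example that is not taken from SlowMist's report or from the extension's code: it audits a list of declarativeNetRequest rules (for instance the output of chrome.declarativeNetRequest.getDynamicRules(), collected in the extension's own context) and flags redirect rules that send a request to a different site than the one they match. The sample rules and domains are constructed placeholders, and auditRules and its helpers are hypothetical names.

```javascript
// Added example (constructed data). Rule shape follows chrome.declarativeNetRequest.
const INSTALLER_EXT = /\.(dmg|pkg|exe|msi|zip)\b/i;

// Host a redirect action sends the request to, or null if the host is left unchanged.
function redirectHost(redirect = {}) {
  if (redirect.transform && redirect.transform.host) return redirect.transform.host.toLowerCase();
  const target = redirect.url || redirect.regexSubstitution;
  if (!target) return null; // extensionPath, or a transform that keeps the host
  try { return new URL(target).hostname.toLowerCase(); } catch { return "(unparseable)"; }
}

// Domains the rule's condition is scoped to (requestDomains, or a "||host" urlFilter anchor).
function matchedDomains(condition = {}) {
  const domains = (condition.requestDomains || []).map(d => d.toLowerCase());
  const m = /^\|\|([a-z0-9.-]+)/i.exec(condition.urlFilter || "");
  if (m) domains.push(m[1].toLowerCase());
  return domains;
}

const sameSite = (host, domain) => host === domain || host.endsWith("." + domain);

// Returns one finding per redirect rule whose destination leaves the matched site.
function auditRules(rules) {
  const findings = [];
  for (const rule of rules) {
    if (!rule.action || rule.action.type !== "redirect") continue;
    const dest = redirectHost(rule.action.redirect);
    if (dest === null) continue;
    const scope = matchedDomains(rule.condition);
    if (scope.some(d => sameSite(dest, d))) continue; // stays on the matched site
    const text = [rule.condition?.urlFilter, rule.condition?.regexFilter,
      rule.action.redirect.url, rule.action.redirect.regexSubstitution].filter(Boolean).join(" ");
    findings.push({ id: rule.id, from: scope, to: dest,
      severity: INSTALLER_EXT.test(text) ? "high" : "review" });
  }
  return findings;
}

// Constructed sample rules; every domain here is a placeholder.
const SAMPLE_RULES = [
  { id: 1, action: { type: "block" }, condition: { urlFilter: "||ads.example.com" } },
  { id: 2, action: { type: "redirect", redirect: { transform: { scheme: "https" } } },
    condition: { urlFilter: "||docs.example.com" } },
  { id: 3, action: { type: "redirect", redirect: { url: "https://cdn.example.net/app.dmg" } },
    condition: { urlFilter: "||downloads.example.org/app.dmg", resourceTypes: ["main_frame"] } },
];

console.log(JSON.stringify(auditRules(SAMPLE_RULES), null, 2));
```

A rule with no domain scope at all is also reported, since a cross-site destination cannot be ruled out for it.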
The macOS variant of the malware, for example, disguises itself as a harmless installer that prompts users to drag it into the Terminal. This process secretly executes encoded commands that grant the malware elevated access. It then steals sensitive browser and keychain data, uploading it to attacker infrastructure. With this access, attackers can extract wallet keys, passwords, and potentially hijack the victim’s digital identity and assets.
Specific figures detailing the total losses from Osiris-related incidents remain undisclosed.
After being alerted by user @0xmaoning, SlowMist investigated and confirmed that Osiris was a malicious extension posing as a Web3 security tool. It was found to silently replace legitimate download links with malware, tricking users into installing harmful software that could lead to the theft of crypto assets. SlowMist publicly warned users, highlighting the extension's deceptive tactics and urging increased vigilance.
The broader community, including key figures like @0xmaoning and @Onefly_eth, played a critical role in exposing the threat. SlowMist praised their contributions and used the incident to stress the risks of blindly trusting tools marketed as security solutions. They encouraged users to avoid unknown extensions, rely on reputable security tools, and stay informed to protect themselves in the volatile Web3 landscape.
Osiris is still generally available for download. Very little is known about who is behind the malware or what is happening with the stolen funds.
Osiris marketed itself as a cutting-edge Web3 browser extension offering powerful anti-scam protection, with a sleek interface and customizable features. However, investigations by cybersecurity firm SlowMist revealed that it is actually a malicious tool designed to hijack download links, install malware, and steal sensitive user data including crypto assets and login credentials. Despite its claims of security, Osiris exploits trust to carry out targeted attacks, particularly on macOS users. The Web3 community, led by vigilant users like @0xmaoning and @Onefly_eth, played a key role in uncovering the threat. Though publicly exposed, Osiris remains available online, with little known about its operators or the fate of the stolen funds.
SlowMist - "Sometimes, solutions or tools that claim to enhance “security” may actually exploit the user’s trust to launch attacks. Today, @0xmaoning reached out to the SlowMist Security Team after spotting phishing behavior in the browser extension Osiris." - Twitter/X (May 28)
A Wolf in Sheep’s Clothing: Analysis of the Osiris Malicious Browser Extension - SlowMist Medium (May 28)
Osiris Homepage - Do Not Download (May 28)
Osiris Browser Extension - Chrome Web Store (Do Not Download) (May 28)
