Sunday 7 August 2022
Home / none / Blockchain security firm warns of new MetaMask phishing campaign

Blockchain security firm warns of new MetaMask phishing campaign

A cybersecurity firm has issued warnings over a new phishing campaign targeting users of the popular crypto wallet MetaMask.

In a Thursday post written by Halborn’s technical education specialist Luis Lubeck, the active phishing campaign used emails to target MetaMask users and trick them into giving out their passphrase.

The firm analyzed scam emails it received in late July to warn users of the new scam. Halborn noted that at an initial glance, the email looks authentic with a MetaMask header and logo and with messages that tell users to comply with Know Your Customer (KYC) regulations and how to verify their wallets.

However, Halborn also noted there are several red flags within the message. Spelling errors and a fake sender’s email address were two of the most obvious. Furthermore, a fake domain called metamaks.auction was used to send the phishing emails.

Phishing attacks are social engineering attacks using targeted emails to lure victims into revealing more personal data or clicking links to malicious websites that attempt to steal crypto.

There was also no personalization in the message, the firm noted, which is another warning sign. Hovering over the call to action button reveals the malicious link to a fake website which prompts users to enter their seed phrases before redirecting to MetaMask to empty their crypto wallets.

Halborn, which raised $90 million in a Series A round in July, was founded in 2019 by ethical hackers offering blockchain and cybersecurity services.

In June, Halborn researchers discovered a case where a user’s private keys could be found unencrypted on a disk in a compromised computer. MetaMask patched its extension versions 10.11.3 and later following the discovery.

However, there was no mention of the new email phishing threat on MetaMask’s Twitter feed at the time of writing.

Related:Phishing risks escalate as Celsius confirms client emails leaked

Last week, Celsius users were warned of a phishing threat following the leak of customer emails by a third-party vendor employee.

In late July, security researchers warned of a new malware strain called Luca Stealer appearing in the wild. The information stealer has been written in the Rust programming language and targets Web3 infrastructure such as crypto wallets. Similar Malware called Mars Stealer was discovered targeting MetaMask wallets in February.

Original Article

About Jude Savage

Check Also

Top 5 cryptocurrencies to watch this week: BTC, FLOW, THETA, QNT, MKR

The United States jobs data on Aug. 5 was above market expectations, indicating that inflation has not cooled down. The strong numbers reduce the possibility that the U.S. Federal Reserve will slow down its aggressive pace of rate hikes. After the release, the likelihood of a 75 basis points hike in September has risen to 68%, according to CME Group data. However, analysts at Fundstrat Global Advisors have a different view. They highlighted that three out of six times, the S&P 500 bottomed out six months before the Fed’s last rate hike. Therefore, the firm anticipates the S&P 500 to witness a strong rally to 4,800 in the second half of the year. Crypto market data daily view. Source:Coin360If the tight correlation between the equities markets and the cryptocurrency markets maintain, the recovery in the crypto markets may have some more room to run. On-chain monitoring resource Material Indicators said in a Twitter update on Aug. 5 that if Bitcoin (BTC) rises above $25,000, there is no ..

Leave a Reply

Your email address will not be published. Required fields are marked *