Halborn’s technical education specialist Luis Lubeck assumes the active phishing campaign used emails to target MetaMask users and trick them into giving out their passphrases.
The firm analysed scam emails it received in late July to warn users of the latest scam. Halborn distinguished that at a glance, the email looks authentic with a MetaMask header and logo, and with messages that tell users to obey KYC regulations and how to verify their wallets.
Though Halborn is also distinguished, there are several red flags within the message. Spelling errors and a fake sender’s email address were two of the most understandable. Moreover, a fake domain called metamaks.auction was used to send the phishing emails.
Phishing is a social engineering attack using targeted emails to tempt victims into revealing more personal data or clicking links to malicious websites that attempt to steal crypto.
There was also no personalization in the message, the firm noted, which is another warning sign. Hovering over the call-to-action button discloses the malicious link to a fake website which prompts users to enter their seed phrases before redirecting to MetaMask to empty their crypto wallets.
Halborn, which raised $90 million in a Series A round in July, was founded in 2019 by ethical hackers offering blockchain and cyber security services.
Halborn researchers discovered a case in June where a user’s private keys could be found unencrypted on a disk in a compromised computer. MetaMask repaired its extension versions 10.11.3 and later following the discovery.
However, there was no mention of the new email phishing threat on MetaMask’s Twitter feed till now.
Celsius users were warned of a phishing threat following the leak of customer emails by a third-party vendor employee last week
Security researchers warned of a new malware strain called Luca Stealer appearing in the wild in late July. The information stealer has been written in the Rust programming language and targets Web3 infrastructure such as crypto wallets. Malware called Mars Stealer was discovered targeting MetaMask wallets in February.
Leave a Reply