Date: 2021-11-05



Cyber threat analytics firm Check Point Research (CPR) has issued an alert about recent phishing campaigns aimed primarily at Phantom and Metamask users. The attackers use Google Ads to place fake websites at the top of search results. The goal is to get users to hand over their keys or to create new wallets that are actually controlled by the attackers. It is currently estimated that $500,000 has been diverted from legitimate user wallets. Because the attacks take place during the (supposed) wallet creation process, they are likely to have the greatest impact on newcomers to the crypto space.

As with all wide-reaching cybersecurity threats, the attackers focus on the most popular platforms: the more potential victims, the greater the potential payoff. Metamask and its 10.35 million peak users (as of August 2021) represent a significant target for this phishing activity. The same is true for Phantom, which has already registered 1 million users since its introduction. The method appears to rely on the fact that these platforms use browser plugins as facilitators. Be careful, however: other DeFi apps such as Sushiswap and Cakeswap are also popular targets of this type of malicious activity for similar reasons.


Phantom phishing scheme: an attempt to hijack the wallet creation process. Pay attention to the URL. (Image credit: Check Point Research)

The Metamask phishing scheme takes things even further by stealing the victim's existing wallet credentials. Again, pay attention to the URL. (Image credit: Check Point Research)

A user who clicks on the ad at the top of the search results is taken to a phishing website. These websites disguise themselves by making very small changes to the web address of the real platform (such as a near-identical misspelling of "phantom"). The user is then guided through a fake wallet creation process which, in reality, only gives the user access to the attacker's wallet. Once the "wallet setup" process is complete, the phishing site redirects the user to the real website, where they are prompted to install the wallet extension. After entering the passphrase for the "generated" wallet address, the user is actually connected to the malicious actor's wallet. Any funds sent to it can be quickly transferred to another wallet under the attacker's control.

The Phantom phishing scheme focuses on the creation of new wallets, whereas the Metamask phishing attack can also steal the user's private key. Besides generating a fake wallet, it prompts the victim to import an existing Metamask wallet. This gives the attacker immediate access to all of the victim's existing funds.

More creative ways to steal cryptocurrency funds come and go. With this particular scam, however, careful users can spot the attempts and easily avoid them. Always double-check the URL you are clicking on, and avoid reaching cryptocurrency or banking pages through advertising links. Here, the browser's address bar is your best friend: in sensitive scenarios, it is a good idea to keep an eye on the URL. CPR has released a YouTube video showing the phishing techniques.
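The URL check described above can be automated. The following is an added example, not code from Check Point Research or the wallet vendors: it compares a link's hostname against an allowlist and flags near-miss spellings and brand names embedded in foreign hosts. The allowlist entries, the `classify` helper and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: official wallet domains. Confirm each against the vendor's own
# documentation before relying on this list.
OFFICIAL = ("phantom.app", "metamask.io")


def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, max_typos=1):
    """Return (verdict, official domain the host matches or imitates)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("unparseable", None)
    # Exact domain or a true subdomain of it: the match is anchored at the right.
    for good in OFFICIAL:
        if host == good or host.endswith("." + good):
            return ("official", good)
    labels = host.split(".")
    for good in OFFICIAL:
        brand = good.split(".")[0]
        # Brand embedded in a foreign host, e.g. metamask.io.<other domain>
        if any(brand in label for label in labels):
            return ("lookalike", good)
        # Near-miss spelling of the brand in any label
        if any(edit_distance(label, brand) <= max_typos for label in labels):
            return ("lookalike", good)
    return ("unrelated", None)


# Constructed sample URLs; the lookalikes use the reserved .example TLD.
SAMPLES = [
    "https://phantom.app/download",
    "https://www.metamask.io/",
    "https://phanton.example/create-wallet",
    "https://metamask.io.wallet-setup.example/import",
    "https://example.org/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(classify(u), u)
```

The typo threshold is a heuristic: raising `max_typos` catches more misspellings but also starts flagging unrelated names that happen to be spelled similarly.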

