According to security research firm RiskIQ, a criminal group has been running phishing attacks using a toolkit called MEWKit.
A Phishing Attack Program Called MEWKit
MEWKit is a phishing kit rather than a conventional malware sample: it steals funds from the victim's wallet through a front end that mimics MyEtherWallet (MEW).
According to the researchers, criminals using MEWKit host fake copies of the wallet pages to capture the victim's wallet credentials and then use them to make automatic transfers. Once the victim unlocks (decrypts) their wallet on the fake page, the kit immediately drains it. Because the attackers capture the wallet's private key, they can keep taking any funds later sent to that address until the compromise is noticed.
What is now certain is that the kit uses a script that automatically initiates the transfer of funds, so the theft completes as if the legitimate user had clicked "send". The kit also hides traces of its activity from the victim. The MEWKit back end lets the operators keep track of the stolen Ether and the private keys they have captured.
MyEtherWallet is the Most Affected
MyEtherWallet appears to be the wallet platform most affected by this phishing campaign. The reason is that MEW is easy to use and lacks security features such as the ability to detect suspicious scripts in an active web session. Banks add further controls around a transaction, but an Ethereum wallet is different from a bank account: it gives the user direct, irreversible access to the Ethereum network, so whoever holds the key holds the funds. MEWKit exploits this to steal wallet credentials.
The most recent attack linked to MEWKit occurred on April 24, 2018, when attackers hijacked traffic destined for Amazon's Route 53 DNS service (via a BGP route hijack) so that myetherwallet.com resolved to a server they controlled. This man-in-the-middle (MITM) position let them serve the phishing front end to visitors, and about $152,000 worth of Ether was taken from victims' wallets.
The criminals have also bought Google AdWords placements for search terms such as "myetherwallet" to drive victims to their phishing pages.
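One practical check a wallet operator or a cautious user can run against a DNS hijack of the kind described above is to compare what several recursive resolvers return for the wallet's domain against a pinned list of expected address prefixes. The following is an added example written for this article, not RiskIQ's or MyEtherWallet's code; the prefixes, resolver names and answers are constructed sample data, not values from the 2018 incident.

```python
"""Flag DNS answers for a wallet domain that fall outside a pinned allowlist.

Added example for this article (not RiskIQ's or MyEtherWallet's code). It
assumes the site operator publishes the address prefixes the domain should
resolve to; everything below is constructed sample data.
"""
import ipaddress

# Hypothetical pinned prefixes for the wallet site (assumption, sample only).
EXPECTED_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample: A-record answers from several recursive resolvers.
# resolver-c stands in for a resolver whose path to the authoritative
# nameservers was hijacked and which now hands out an attacker address.
SAMPLE_ANSWERS = {
    "resolver-a": {"203.0.113.10", "203.0.113.11"},
    "resolver-b": {"203.0.113.10"},
    "resolver-c": {"198.51.100.7"},
}


def unexpected_addresses(answers, expected_prefixes):
    """Return {resolver: sorted addresses not covered by any pinned prefix}."""
    flagged = {}
    for resolver, ips in answers.items():
        outside = []
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if not any(addr in net for net in expected_prefixes):
                outside.append(str(addr))
        if outside:
            flagged[resolver] = sorted(outside)
    return flagged


def clean_resolvers(answers, expected_prefixes):
    """Return the sorted names of resolvers whose every answer was expected."""
    flagged = unexpected_addresses(answers, expected_prefixes)
    return sorted(r for r in answers if r not in flagged)


def assess(answers, expected_prefixes=EXPECTED_PREFIXES):
    """Verdict for a set of answers: 'OK' or 'HIJACK_SUSPECTED' plus detail.

    A single resolver returning an out-of-allowlist address is enough to
    refuse to load the wallet from that resolution path.
    """
    flagged = unexpected_addresses(answers, expected_prefixes)
    if flagged:
        return "HIJACK_SUSPECTED", flagged
    return "OK", {}


if __name__ == "__main__":
    verdict, detail = assess(SAMPLE_ANSWERS)
    print(verdict, detail)
    print("clean resolvers:", clean_resolvers(SAMPLE_ANSWERS, EXPECTED_PREFIXES))
```

In practice the answers dict would be filled by querying each resolver for the domain; the check is only as good as the pinned prefix list, which has to be kept current by the operator. It is a complement to, not a replacement for, TLS: in the April 2018 incident the attacker's server presented a certificate the browser did not trust, so refusing to proceed past the certificate warning would also have stopped the theft.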
Connection to Russia
So far no remediation for this phishing campaign has been published, and given the weaknesses in MyEtherWallet the attacks may continue. RiskIQ does offer some advice: anyone using a software wallet should be careful on the platform, and especially wary of suspicious URLs.
The criminals have been running this well-planned campaign for a long time. It is still unclear how many people have fallen into the trap, and it is not known how many private keys have been stolen. Although the identity of the participants is not yet known, researchers discovered a group of IP addresses related to the attackers, and those addresses suggest the attackers may be located in Russia.