- Joined
- May 15, 2016
- Messages
- 14,476
- Likes
- 2,645
- Points
- 1,730
Criminals are trying to trick users into a passphrase in order to take control of a cryptocurrency wallet.
Users of the MetaMask cryptocurrency wallet have fallen prey to an ongoing phishing campaign in which criminals use Google ads to steal money. The victims lost their savings after clicking on a fraudulent ad promoted in a search query as the MetaMask site.
All messages from victims describe the same scenario - the money disappeared after trying to install an extension for the MetaMask website. The user is taken to the fake MetaMask phishing page through Google ads. Once on the page, he is asked to install an extension that supposedly will make it possible to either import an existing wallet or create a new one. If the user clicks on the "Create Wallet" button, he will be taken to the real MetaMask.io site. However, if he clicks on the "Import Wallet" option, he will be prompted to enter the passphrase of his existing wallet, which will then be sent to the attacker. As soon as the fraudster receives the passphrase, he will start stealing funds from the victim's wallet.
The scammers bought ads to target a malicious campaign at users who search for MetaMask on a Google search engine. The criminals have registered several domains for fraud: maskmefa [.] Io, maskmeha [.] Io, installmetamask [.] Com, and meramaks [.] Io. They were all created through the same NameCheap registrar.
__________________
Users of the MetaMask cryptocurrency wallet have fallen prey to an ongoing phishing campaign in which criminals use Google ads to steal money. The victims lost their savings after clicking on a fraudulent ad promoted in a search query as the MetaMask site.
All messages from victims describe the same scenario - the money disappeared after trying to install an extension for the MetaMask website. The user is taken to the fake MetaMask phishing page through Google ads. Once on the page, he is asked to install an extension that supposedly will make it possible to either import an existing wallet or create a new one. If the user clicks on the "Create Wallet" button, he will be taken to the real MetaMask.io site. However, if he clicks on the "Import Wallet" option, he will be prompted to enter the passphrase of his existing wallet, which will then be sent to the attacker. As soon as the fraudster receives the passphrase, he will start stealing funds from the victim's wallet.
The scammers bought ads to target a malicious campaign at users who search for MetaMask on a Google search engine. The criminals have registered several domains for fraud: maskmefa [.] Io, maskmeha [.] Io, installmetamask [.] Com, and meramaks [.] Io. They were all created through the same NameCheap registrar.
__________________