This cryptocurrency phishing attack uses new trick to drain wallets

A criminal group keen to take advantage of the potentially lucrative opportunities offered by the boom in cryptocurrency has developed a sophisticated new scheme to hijack Ethereum wallets and steal the contents in a first-of-its-kind attack.

Dubbed MEWKit by security researchers at security company RiskIQ who uncovered it, the phishing campaign mimics the front end of the MyEtherWallet website for the purpose of stealing credentials, while also deploying what the authors call an “automated transfer system” to process the details captured by the fake page and transfer funds. The attack injects scripts into active web sessions and silently and invisibly executes bank transfers just seconds after the user logs into their cryptocurrency account.

Read more about the new campaign that uses automation to empty cryptocurrency wallets and produce lucrative returns on ZDNet.