This cryptocurrency phishing attack uses new trick to drain wallets

A criminal group keen to take advantage of the potentially lucrative opportunities offered by the boom in cryptocurrency has developed a sophisticated new scheme to hijack Ethereum wallets and steal the contents in a first-of-its-kind attack.

Dubbed MEWKit by security researchers at security company RiskIQ who uncovered it, the phishing campaign mimics the front end of the MyEtherWallet website for the purpose of stealing credentials, while also deploying what the authors call an “automated transfer system” to process the details captured by the fake page and transfer funds. The attack injects scripts into active web sessions and silently and invisibly executes bank transfers just seconds after the user logs into their cryptocurrency account.

Read more about the new campaign that uses automation to empty cryptocurrency wallets and produce lucrative returns on ZDNet.

Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free seven day trial.

Sign Up For Free Trial of The Daily Threat Brief