A cybersecurity firm has issued warnings over a cybersecurity phishing campaign targeting users of the popular crypto wallet MetaMask, as reported by Cointelegraph.
In a post written by Halborn’s technical specialist Luis Lubeck, the active phishing campaign used email to target MetaMask users and trick them.
Phishing is a type of cryptocurrency scam that includes deceiving victims into disclosing their private keys or personal data. The attacker masquerades as an honest company or person. The attacker uses the victim’s details to take their bitcoin funds once the victim has been duped. Once the victim has been scammed, the attacker then uses their information to steal their cryptocurrency funds.
The firm analysed scam emails received in late July to warn users. The email at an initial glance looks authentic with a MetaMask header and logo, and with messages that tell users to comply with know your customer (KYC) payments, Halborn, noted.
The company also pointed out that the message lacked customization, which is another red flag. The malicious link to a bogus website that requests visitors to enter their seed phrases before forwarding to MetaMask to empty their cryptocurrency wallets is shown when the call to action button has hovered over.
Halborn was established in 2019 by ethical hackers and offers blockchain and cyber security services. Halborn raised $90 million in a Series A investment in July. Following the disclosure of client emails by a third-party vendor employee last week, Celsius users were alerted to a phishing danger.
Security experts issued a warning about the emergence of the Luca Stealer malware variant in the wild at the end of July. The information thief, which preys on web3.0 infrastructure like cryptocurrency wallets, was created in the rust programming language. In February, a similar piece of malware known as Mars Stealer that targets MetaMask wallets was found.