Watch Out for Mewkit Malware That Attacks Ethereum Wallets
RiskIQ is a security research firm for cryptocurrency, and it has spotted one of the latest attacks on traders with crypto wallets. A new phishing attack has been established that goes after Ethereum wallets in a way that no investor can even spot. The criminal group, MEWKit, uses an ATS (automated transfer system) to empty out the user’s MyEtherWallet wallet, stealing the currency.
The phishing page looks just like the open-source wallet’s front end, which is the first way that it goes undetected by the investor. Security researchers have found that the kit also has an automatic transfer system attached to the imitation website, which gives the attackers enough access to decrypt the wallet. After it has been decrypted, the entire wallet is drained, and the attackers are also able to steal the keys to the wallet, granting them future access if the user doesn’t see the first withdrawal.
The fraudulent transaction uses a script that forces the transfer of the currency from one wallet to MEWKit’s accounts. The front end is completely disguised, so most users just use it as they typically would. However, on the back end, the hackers can track every token and every key from each wallet they infiltrate.
The Biggest Risk
Unfortunately for traders, MyEtherWallet seems to be the biggest target and the one that is most affected by the scam. This is likely due to the simple structure of the wallet, and how it doesn’t have security features that many other platforms possess. The wallet is nothing like what consumers would get with a bank, which has many security measures to avoid this kind of susceptibility.
Unfortunately, without much support or protection, MEWKit only has to capture login credentials to completely take over the user’s wallet.
Protecting Your Wallet
The most common way that phishers get into someone’s crypto wallet is with a message in an email. The email is disguised to look as if it comes from the service whose data they are trying to capture, like PayPal, EtherDelta, or MyEtherWallet.
Try one of the following options to protect an account and ensure that it isn’t impacted by this problem.
- Install a protection program, like EAL, MetaMask, Cryptonite by Metacert, or the Chrome extension for MyEtherWallet, to keep the device safe from malicious websites.
- Check the URL to make sure that the website is “https://www.myetherwallet.com”.
- Make sure, once the user arrives at the page, that MYETHERWALLET INC has green lettering.
- Avoid following unexpected links from individuals or companies in email, Slack, Reddit, Twitter, etc.
- Go directly to the website to enter login details, rather than using the link received.
- Purchase or enroll in an AdBlocker program and avoid clicking any advertisements when performing online searches.
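The URL check from the list above, written out as an added example (not code from RiskIQ or MyEtherWallet). The expected host is taken from the checklist; the function name and the sample URLs are constructed for illustration.

```javascript
// Added example: strict check of a wallet URL before any credentials are entered.
// EXPECTED_HOST comes from the article's checklist; all other names are hypothetical.
const EXPECTED_HOST = "www.myetherwallet.com";

function checkWalletUrl(input) {
  let url;
  try {
    url = new URL(input);
  } catch (e) {
    return { ok: false, reason: "not a parseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://www.myetherwallet.com@host/" puts the trusted name in the userinfo part
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo present; real host is " + url.hostname };
  }
  if (url.port !== "") {
    return { ok: false, reason: "non-default port" };
  }
  // URL parsing lowercases the host and converts Unicode labels to punycode (xn--)
  const host = url.hostname;
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalized lookalike host" };
  }
  // Exact match only: a trusted name used as a prefix or subdomain does not count
  if (host !== EXPECTED_HOST) {
    return { ok: false, reason: "host mismatch: " + host };
  }
  return { ok: true, reason: "scheme and host match" };
}

// Constructed sample links, as they might appear in an email or an ad
const SAMPLES = [
  "https://www.myetherwallet.com/",
  "http://www.myetherwallet.com/",
  "https://www.myetherwallet.com@wallet.example/",
  "https://www.myetherwallet.com.login.example/",
  "https://www.myetherw\u0430llet.com/", // Cyrillic "a" in place of Latin "a"
];
for (const link of SAMPLES) {
  const result = checkWalletUrl(link);
  console.log((result.ok ? "OK    " : "REJECT") + " " + link + " -> " + result.reason);
}
```

A matching URL does not cover DNS-level redirection, where the address bar still shows the correct name; the certificate-name item in the checklist is the complementary check for that case.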
Reports indicate that the most recent malware attack from MEWKit was at the end of April 2018, which impacted Amazon’s Route 53 DNS. In this attack, $152,000 was taken from Ethereum digital wallets. With these funds, the cybercriminals have already paid for Google AdWords to run their advertisements under the word “MyEtherWallet” when consumers search online.
A Russian Connection
Unfortunately, no solutions have been established for MyEtherWallet at the moment. RiskIQ urges consumers that use their virtual wallets to focus on protecting themselves by being smarter about their online habits.
This isn’t a new problem in the cryptocurrency industry, and it seems that the company has had quite a while to develop these interferences. Even with such a high takeaway, it is uncertain how many victims there have been in the attack. The attackers remain at large and unidentified, but some reports suggest, going by the IP address location, that they are based in Russia.
When possible, consumers should use a hardware wallet, rather than an online wallet, if they want to maintain the best possibility of security.