MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security

Published: 23/11/2024   Category: security




The credential-phishing attack leverages social engineering and brand impersonation techniques to lead users to a spoofed MetaMask verification page.



Researchers have uncovered an email-based credential-phishing attack targeting users of MetaMask, a cryptocurrency wallet used to interact with the Ethereum blockchain.
The campaign is directed at Microsoft 365 (formerly Microsoft Office 365) users and has targeted multiple organizations across the financial industry. It starts with a socially engineered email, containing a link, that looks like a MetaMask verification email, according to the Armorblox research team.
Upon clicking the link, users are taken to a spoofed MetaMask verification page, where they are asked to verify their wallet and told that non-compliance would result in limited access to their wallets.
The fake landing page uses MetaMask logos and branding to closely resemble the real log-in page, and it uses the language of urgency to encourage compliance with the Know Your Customer (KYC) verification request.
"In order to get the victim to comply with the request and exfiltrate sensitive data, attackers included language within both the body of the email and the fake landing page that denoted a sense of urgency, making it known that time was of the essence," the Armorblox post notes.
The research team also pointed out that the attack leverages the curiosity effect, a cognitive bias that can be used to exploit the user's inherent urge to resolve doubt.
"Each further engagement through the attack flow further aimed to increase this trust through legitimate logo inclusions, branding, and key attributes that are only affiliated with the spoofed brand," the post continues.
Even though the email came from an invalid domain, the attackers were still able to slip through Microsoft's security controls, using a gamut of techniques to bypass secure email gateway (SEG) filters.
Armorblox CSO Brian Johnson notes that while the company's research team does not have access to Microsoft threat detection details, they have seen a large number of modern attacks spawn zero-day malicious links that are ephemeral in nature.
"With the advent of cloud services, it is easy to spin up and spin down malicious links in minutes," he explains. "These attacks can only be detected when you combine natural language understanding with artificial intelligence to go beyond static checks on known malicious links."
To protect against these types of attacks, Johnson says the basic steps include ensuring multifactor authentication (MFA) across all the organization's accounts — specifically, the ones that provide access to financial accounts.
The Armorblox post also recommends keeping an eye out for social-engineering cues, for example any logical inconsistencies within the email, and augmenting native email security with additional controls.
Johnson adds that crypto-wallet phishing has become more targeted and mainstream.
"As the use of cryptocurrency gains traction in both personal and business environments, it opens up another vector for malicious actors," Johnson warns.
Hackers' approaches to compromising cryptocurrency and digital asset exchanges continue to evolve, as a series of attacks against small and midsize businesses has led to major cryptocurrency losses for the victims.
Among these malicious actors is BlueNoroff, an advanced persistent threat (APT) group that's part of the larger Lazarus Group associated with North Korea, which carried out the SnatchCrypto campaign in January.
Meanwhile, cryptocurrency mixing — a technique that uses pools of cryptocurrency to complicate the tracking of electronic transactions — is set to grow, as ransomware and other cybercriminal enterprises increasingly lean into cryptocurrency, a November 2021 report from Intel 471 warned.
