Recently a new phishing attack has been tracked, which is invincible from investors. This attack specifically targets Ethereum wallets.
To steal the currency from Ethereum wallets and empty them, the MEWKit gang uses ATS (automated transfer system).
Their phishing campaign appears just like Ethereum wallet’s front end, which is why they go undetected by the users/investors.
Security experts have found that they also follow a unique strategy that has an automatic transfer system that attaches to the acting website, which grants them required access to decrypt the security of the wallet.
Also Read: Cryptocurrency miner to crash systems when exposed!
On decryption
After the wallet is decrypted, the wallet is drained entirely. However, they also possess the ability to steal the keys of the wallet, allowing future access as well in case the user doesn’t notice the first withdrawal.
To successfully convert a fraud transaction MEWKit uses a script that forces the transfer of the currency to MEWKit’s accounts from the hacked wallet.
As the target website is disguised to look like that of Ethereum’s, which tricks most of the user’s.
Also, the hackers can track every activity, i.e., token and key from every wallet they have infected.
This is due to the meek design of the wallet, and also how it lacks the prominent security features that many such platforms have to offer.
Unfortunately, due to this lack of high-end security, MEWKit only needs to acquire login credentials to turn the whole thing in their favor.
Recent Attacks
According to reports the most receive malware attack from MEWKit was by the end of April 2018, which had impacted Amazon’s Route 53 DNS.
During this attack, $152,000 was whipped from Ethereum digital wallets.
How does MEWKit spread?
The most common way that phishers get into someone’s crypto wallet is with a message in an email. These hijackers can get into your computer through malicious email attachments and download links present in the body of the mail.
This emails usually appear to be from your cryptocurrency account, which actually is their target and they need your credentials for the same, i.e., EtherDelta, PayPal, or MyEtherWallet.
Tips to Prevent virus and malware from Infecting Your System:
- Enable your popup blocker: Pop-ups and ads on the websites are the most adoptable tactic used by cybercriminals or developers with the core intention to spread malicious programs.
So, avoid clicking uncertain sites, software offers, pop-ups etc. and Install a powerful ad- blocker for Chrome, Mozilla, and IE
- Keep your Windows Updated: To avoid such infections, we recommend that you should always keep your system updated through automatic windows update.By doing this you can keep your device free from virus.According to the survey, outdated/older versions of Windows operating system are an easy target.
- Third-party installation: Try to avoid freeware download websites as they usually install bundled of software with any installer or stub file.
- Regular Backup: Regular and periodical backup helps you to keep your data safe in case the system is infected by any kind of virus or any other infection.Thus always backup important files regularly on a cloud drive or an external hard drive.
- Always have an Anti-Virus: Precaution is better than cure. We recommend that you install an antivirus like ITL Total Security or a good Malware Removal Tool like Download Virus RemovalTool
