Online security is a subject that everyone must treat with great attention and a sense of priority, even more so when the security of our crypto assets is involved. A new type of malware has recently been detected that takes funds from the wallets of certain cryptocurrencies, specifically Ethereum. It is the MEWKit malware, which we discuss here.
An investigation by the digital security company RiskIQ showed that a criminal group is carrying out a phishing attack that uses an Automated Transfer System (ATS) to empty the Ethereum wallets of MyEtherWallet (MEW) without this being detected by the system. This new phishing campaign has been named MEWKit. It imitates the front end of the MyEtherWallet site in order to steal funds from the victim's wallet.
What makes this phishing attack even worse is the sophistication with which funds are extracted from the victims' wallets. According to the researchers at RiskIQ, the criminals have also devised a way to transfer funds from the victims' wallets to their own automatically: the attackers empty the wallets as soon as the victims unlock them. Because the attackers can also steal the keys to the victim's wallet, they remain in a position to steal more funds from that victim later if the victim has not noticed the attack.
The phishing page uses scripts that carry out the transfer of funds automatically once the victim clicks a button, just as a legitimate user would, while the theft itself remains hidden. The MEWKit back end, on the other hand, allows the attackers to track all the ether that is stolen as well as the users' private keys.
So far, according to the reports available, MyEtherWallet seems to be the most affected wallet: the almost exact copy of its front end has allowed the phishing attack to reach worrying proportions. To this we must add the poor native security features of the MyEtherWallet wallet itself, since it does not have advanced security settings that allow it to detect and block this and other types of malicious attacks.
But the campaign is not limited to the technical setup. To make the attack massive, the criminals have gone further: they have even paid for ads in Google AdWords to rank for the keyword “myetherwallet”, which means an exponential recruitment of victims.
The cybercriminals behind these attacks seem to have been active for some time, according to the report from the security company quoted above. Although no specific security measures have been designed into the MyEtherWallet wallet, the recommendations usually given to prevent this kind of attack are to check URLs before using them, to install browser extensions that verify the security and legitimacy of the websites visited, such as MetaMask or Metacert, and, above all, to use common sense. Using a hardware wallet to safeguard significant sums in cryptocurrencies is also a good option, but everything is a matter of prudence and good judgment.
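
The URL check recommended above can be automated. The following is an added example, not code from RiskIQ or MyEtherWallet: it accepts only an exact hostname match and flags near matches as lookalikes. The allowlist, the function names and the sample URLs are assumptions constructed for illustration.

```javascript
// Assumption: the only hostnames treated as the real wallet site.
const ALLOWED_HOSTS = new Set(['myetherwallet.com', 'www.myetherwallet.com']);
const BRAND = 'myetherwallet';

// Edit distance between two strings (single-row dynamic programming).
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = tmp;
    }
  }
  return row[b.length];
}

// For a punycode label (xn--<ascii>-<suffix>) keep only the ASCII letters,
// so a name with one swapped non-Latin character still compares as a near match.
function asciiSkeleton(label) {
  if (!label.startsWith('xn--')) return label;
  return label.slice(4, Math.max(4, label.lastIndexOf('-')));
}

function classifyWalletUrl(input) {
  let url;
  try { url = new URL(input); } catch { return 'invalid'; }
  const host = url.hostname.replace(/\.$/, ''); // already lower-cased by the parser
  if (ALLOWED_HOSTS.has(host)) {
    return url.protocol === 'https:' ? 'legitimate' : 'insecure-scheme';
  }
  // Brand embedded in any label (subdomain trick) or a label within two edits of it.
  const labels = host.split('.').map(asciiSkeleton);
  const near = labels.some((l) => l.includes(BRAND) || editDistance(l, BRAND) <= 2);
  return near ? 'lookalike' : 'unrelated';
}

// Constructed sample URLs, not indicators from the RiskIQ report.
const samples = [
  'https://www.myetherwallet.com/',
  'https://rnyetherwallet.com/',
  'https://myetherwallet.com.wallet-login.example/',
  'https://my\u0435therwallet.com/', // Cyrillic "е" in place of Latin "e"
];
for (const s of samples) console.log(classifyWalletUrl(s), s);
```

A check like this only compares names: a paid search ad can still display a trusted-looking label, so the hostname to test is the one in the address bar after the click.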