MEWKit Drains ETH Wallet – Crypto Phishing Attack

May 28, 2018
Crypto Phishing Cyber-Threat Attack

We have to be aware on how our private information and security is being handled. Crypto currency exchanges are no exception, because malicious attacks such as phishing and its kind exist, and have already found a way to exploit the technology. Aside from technology being exploited, the general public is also a key aspect for attackers to gain success.

Lately, the boom of Cryptocurrency has attracted all sorts of people across all demographics. Cybercriminals who uses social engineer is well aware of that and will always be actively finding ways to take advantage of this.

Lately, a criminal group took advantage and is currently taking advantage of the cryptocurrency boom specifically on people’s Ethereum wallets to steal the contents with a kit that was developed to fulfill their modus.

The kit is called MEWKit which was discovered by the researchers of RiskIQ. The kit copy’s the MyEtherWallet webpage in order to steal credentials from unsuspecting victims, and at the same time deploys a script to automate an Ethereum wallet transfer to process the information stolen by the phishing site and transfer funds. The process here can be real-time, the Ethereum wallet of victims can be stolen the moment right after they willingly enter their credentials to the copycat page of MyEtherWallet. The script would make it look like it creates a fund transfer by executing the commands like a real user would, all while the procedure remains in stealth. Security researchers point out that it is the first time an attack has been seen to use this automated tactic.

MEWKit has the feature to allow the phishing authors to survey how much Ethereum has been collected, as well as storing a record of private user keys and passwords which can be used for further attacks.

With this new type of phishing modus which focuses on both traditional and new generation phishing attacks, the best way to avoid being a victim is to ensure that the MyEtherWallet website is opened on the browser and not through click-through URLs. Always be careful when using online facilities, stay vigilant, and pro-actively open sites via the browser URL itself.

About the author

Leave a Reply