Title: MEWKit Drains ETH Wallet – Crypto Phishing Attack
1About Us
iZOOlogic is an internet company dedicated to
providing niche brand protection and phishing
solutions. iZOOlogic Provides Fraud Prevention,
Anti-Phishing Solutions, Malware Protection amp
Brand Protection Solutions to protect electronic
channels from cybercrime.
www.izoologic.com
2Must Know About
MEWKit Drains ETH Wallet Crypto Phishing Attack?
www.izoologic.com
3Crypto Phishing Attack
We have to be aware on how our private
information and security is being handled.
Crypto currency exchanges are no exception,
because malicious attacks such as phishing and
its kind exists, and has already found a way to
exploit the technology. Aside from technology
being exploited, the general public is also a key
aspect for attackers to gain success.
www.izoologic.com
4Phishing Attacks used by cyber-criminals to steal
crypto-currencies
5www.izoologic.com
6Crypto Phishing Attack
Lately the boom of Cryptocurrency has attracted
all sort of people belonging to different
profiles in life. Cybercriminals who uses social
engineer is well aware of that and will always be
actively finding ways to take advantage of
this. Lately a criminal group took advantage and
is currently taking advantage of the crypto
currency boom specifically on peoples Ethereum
wallets and then steal the contents which a kit
was developed to fulfill their modus. The kit is
called MEWKit which was discovered by the
researchers of RiskIQ. The kit copys the
MyEtherWallet webpage in order to steal
credentials from unsuspecting victims, and at the
same time deploys a script to automate an
ethereum wallet transfer to process the
information stolen by the phishing site and
transfer funds. The process here can be real
time, the Ethereum wallet of victims can be
stolen the moment right after they willingly
enter their credentials to the copycat page of
MyEtherWallet.
www.izoologic.com
www.izoologic.com
7Crypto Phishing Attack
The script would make it look like it creates a
fund transfer by executing the commands like a
real user would, all while the procedure remains
in stealth. Security researchers point out that
it is the first time an attack has been seen to
use this automated tactic. MEWKit has the feature
to allow the phishing authors to survey how much
Ethereum has been collected, as well as storing a
record of private user keys and passwords which
can be used for further attacks. With this
new-type of phishing modus which focuses on both
traditional and new generation phishing attacks,
the best way to avoid being a victim is to ensure
that the MyEtherWallet website is opened on the
browser and not through click-through URLs.
Always be careful when using online facilities,
stay vigilant and pro-actively open sites via the
browser URL itself.
www.izoologic.com
8Contact Us
14 Hanover Street, W1S 1YH City of Westminster,
London UNITED KINGDOM
44 20 3734 2726
info_at_izoologic.com
www.izoologic.com