>
Cybercriminals are targeting users of cryptocurrency platforms Coinbase, MetaMask, Crypto.com and KuCoin with a brand new phishing campaign that aims to steal massive amounts of money.
PIXM researchers recently uncovered a campaign that uses legitimate web hosting services, in this case Microsoft Azure Web Apps, to host multiple phishing sites and bogus landing pages, while attempting to trick victims into giving away their passwords and other credentials.
The method is similar to what we have seen in the past – the victim receives an email stating that their Coinbase/KuCoin account has been suspended due to suspicious activity or something similar. The email asks for an urgent response from the victim and contains a link for them to contact.
Bypass MFA
The link directs the victim to a fake customer support chat window, where the attackers on the other end of the line instruct the victim to log in and provide a link to do so. Everything the victim shares at this point ends up in the hands of the attackers, including multi-factor authentication (opens in new tab) (MFA). While talking to the victim, the attackers will simultaneously try to log into the actual service, making MFA useless.
However, the attack does not stop there. Even if the attackers manage to log into the victim’s account, they still keep them on a leash and busy, stripping the account of all cryptocurrency. Some platforms require further confirmation during recording, which is probably what the attackers wanted to fix.
Finally, if nothing else works, they ask the victim to install TeamViewer or a similar remote desktop access app and perform the task themselves.
As usual, the researchers warn users not to fall for these scams and to remember that emails originating from legitimate services almost never carry a sense of urgency.
Through: Beeping computer (opens in new tab)