SAN FRANCISCO, May 17, 2018 (GLOBE NEWSWIRE) — RiskIQ, the global leader in digital threat management, today released a report profiling a phishing automated transfer system (ATS) dubbed MEWKit, which targets users of the Ethereum exchange MyEtherWallet and is now proven to be complicit in the infamous April 24, 2018, hijack of Amazon DNS servers. The report, named “MEWKit: Cryptotheft’s Newest Weapon,” reveals how the newly discovered attack presents an entirely new threat to the cryptocurrency landscape, exceeding the capabilities of a typical phishing kit by leveraging characteristics of ATS malware to access and steal victims’ Ethereum funds directly from the exchange.
Unlike a bank, which adds additional layers of security to its customers’ accounts, MyEtherWallet gives users direct access to the Ethereum network through their browser. This functionality, which puts fewer hurdles between attackers and a payday, explains why MEWKit was purpose-built for MyEtherWallet—and how cryptocurrency at large can be particularly vulnerable to theft.
The research found that MEWKit consists of two parts: a phishing page mimicking the MyEtherWallet site and a server-side component that handles the wallets to which attackers transfer stolen funds once a phishing attack succeeds. While typical phishing pages usually redirect to the legitimate version of the website so the victim can log in again, MEWKit simply abuses MyEtherWallet’s unique access to the Ethereum network to make the transactions in the background. Once a user logs in, MEWKit checks their wallet’s balance and requests a receiver address from the server side. It then leverages the standard MyEtherWallet functionality by setting the attacker-owned wallet as the receiving address and transferring out the victim’s entire balance.
“This attack demonstrates how actors are changing their tactics to target the unique vulnerabilities of cryptocurrency’s surrounding services and implementations,” said Yonathan Klijnsma, Threat Researcher at RiskIQ. “MEWKit combines the tactics of both traditional…