Posted   |     |   ethereum

RiskIQ Implicates Ethereum-Stealing Phishing ATS in Infamous Amazon Hijack

SAN FRANCISCO, May 17, 2018 (GLOBE NEWSWIRE) — RiskIQ, the global leader in digital threat management, today released a report profiling a phishing automated transfer system (ATS) dubbed MEWKit, which targets users of the Ethereum exchange MyEtherWallet and is now proven to be complicit in the infamous April 24, 2018, hijack of Amazon DNS servers. The report, named “MEWKit: Cryptotheft’s Newest Weapon,” reveals how the newly discovered attack presents an entirely new threat to the cryptocurrency landscape, exceeding the capabilities of a typical phishing kit by leveraging characteristics of ATS malware to access and steal victims’ Ethereum funds directly from the exchange.

Unlike a bank, which adds additional layers of security to its customers’ accounts, MyEtherWallet gives users direct access to the Ethereum network through their browser. This functionality, which puts fewer hurdles between attackers and a payday, explains why MEWKit was purpose-built for MyEtherWallet—and how cryptocurrency at large can be particularly vulnerable to theft.

RELATED:  AWS Blockchain Templates for Ethereum and Hyperledger Material

The research found that MEWKit consists of two parts: a phishing page mimicking the MyEtherWallet site and a server-side component that handles the wallets to which attackers transfer stolen funds once a phishing attack succeeds. While typical phishing pages usually redirect to the legitimate version of the website so the victim can log in again, MEWKit simply abuses MyEtherWallet’s unique access to the Ethereum network to make the transactions in the background. Once a user logs in, MEWKit checks their wallet’s balance and requests a receiver address from the server side. It then leverages the standard MyEtherWallet functionality by setting the attacker-owned wallet as the receiving address and transferring out the victim’s entire balance.

RELATED:  Bitcoin [BTC], Ethereum [ETH] - Inching together - Sentiment Assessment

“This attack demonstrates how actors are changing their tactics to target the unique vulnerabilities of cryptocurrency’s surrounding services and implementations,” said Yonathan Klijnsma, Threat Researcher at RiskIQ. “MEWKit combines the tactics of both traditional…

Read more…


No media yet. 

No comments yet.

Commenting is limited to those invited by others in the community
or learn more.


Add to Collection