New phishing attack will drain your bank account

Cryptocurrency is one of those things that most of us have heard about and maybe even discussed, even if we don’t truly understand it. But for those who have a good grasp of it, opportunity awaits.

Though there is not a centralized bank for cryptocurrency, it is not immune from people trying to rob it. Unlike the bank heists of the past, these crimes are committed purely online.

As cryptocurrency becomes more valuable you can expect more people to join in, and as more join in, criminal efforts surrounding it will ramp up. A new group has recently emerged, with a first-of-its-kind attack that is rather sophisticated in nature.

It’s as effective as it is new

Researchers at the security company RiskIQ discovered it and have since named it “MewKit.” It is a phishing kit with an automated transfer system that targets people who use the Ethereum exchange MyEtherWallet and steals directly from their accounts.

According to RiskIQ, MewKit is more than just phishing. The way they see it, it represents a big-time shift in the cyber threat landscape.

It works by mimicking the front end of the MyEtherWallet website with the goal of stealing users’ credentials. Through its automated transfer system, information captured by the fake page is processed and then used to transfer funds.

The back end of MewKit lets the hackers monitor how much Ethereum has been taken, while also storing a private record of user keys and passwords.

The nitty-gritty

MewKit’s attack involves injecting scripts into active web sessions, where it quietly transfers funds, undetected, within moments of the user logging into their account. MyEtherWallet is an enticing target because it is easy to use and lacks certain security features, at least when compared to banks or other exchanges.

Upon gaining the necessary credentials through the phishing attack, criminals are able to steal from accounts when the victim decrypts their wallet. It is a new way of attacking the cryptomarkets, one that uses tactics of traditional phishing along with the functionality of an automated transfer service.

Combined with a market whose security is less than impressive, like MyEtherWallet, those tactics make for something to be very mindful of. Thus far security researchers have not been able to determine who is behind the attack, but the location of some IP addresses leads to the belief that the operation is run by a Russian speaker who understands financial terms.

How do I avoid MewKit?

It appears the people behind MewKit have been in the hacking game for a while now, having launched some sophisticated attacks. This one is specific to MyEtherWallet, which means if you do not use the platform then there is nothing to worry about.

However, if you do use it — or any other cryptocurrency service — it is important to pay close attention to the URL you open. If you have not bookmarked the actual page already, be sure the one you go to is the real deal.

Generally, links to the site will not be sent out via email or social media, and if they are there’s a good chance they are fake.
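
The URL check described above can be automated, for instance in a mail filter or a link-triage script. The following is an added example, not part of the original article; it assumes the genuine site is myetherwallet.com (the article does not print the domain), and the look-alike rules and 0.85 similarity threshold are illustrative choices.

```python
import unicodedata
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the wallet's real site lives at this domain (not stated in the article).
GENUINE_DOMAIN = "myetherwallet.com"
BRAND = GENUINE_DOMAIN.split(".")[0]


def skeleton(label: str) -> str:
    """Undo punycode, strip accents and map common digit look-alikes to letters."""
    if label.startswith("xn--"):
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # malformed punycode: compare the raw label instead
    decomposed = unicodedata.normalize("NFKD", label)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return plain.translate(str.maketrans("013", "ole"))


def classify_link(url: str) -> str:
    """Return 'genuine', 'suspicious' or 'unrelated' for one absolute URL."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # e.g. an unbalanced '[' in the host
        return "suspicious"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "unrelated"
    if host == GENUINE_DOMAIN or host.endswith("." + GENUINE_DOMAIN):
        # Right host, but plain HTTP or embedded credentials is still a red flag.
        clean = parts.scheme == "https" and "@" not in parts.netloc
        return "genuine" if clean else "suspicious"
    # Brand placed before an '@', so the real host is whatever follows it.
    if "@" in parts.netloc and BRAND in parts.netloc.lower().split("@")[0]:
        return "suspicious"
    # Brand (or a near-miss spelling) used as a label of some other domain.
    for label in host.split("."):
        s = skeleton(label)
        if BRAND in s or SequenceMatcher(None, s, BRAND).ratio() >= 0.85:
            return "suspicious"
    return "unrelated"
```

The accent and digit handling only covers a few look-alike tricks; characters from other alphabets that resemble Latin letters need a full confusables table.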
