Guardio, a cyber security startup has uncovered a sophisticated phishing campaign targeting crypto and metaverse users using non-custodial wallets such as MetaMask.
Attackers Double Down on Phishing Campaigns
In their recent blog post, the Guardio research team noticed that the nefarious operation runs at full-throttle in breadth and depth. The cybersecurity startup picked out that hackers were using time-tested web infiltration tactics like domain typo-squatting techniques accelerated by malvertising campaigns where victims end up unknowingly approving payment to attackers via cloned websites of leading NFT and metaverse brands like OPENSEA and more.
Typically, these NFT and metaverse websites offer a very high level of functionality and use a complex flow of wallet connections, primarily relying on non-custodial wallets, of which the most popular is MetaMask. Using black hat SEO and aggressively campaigning through paid Google AdWords, cloned and malicious websites are ranked on the first page of search results, subsequently funneling in thousands of victims.
Of note, the Guardio said these cloned websites, in their hundreds, are “flying under the radar” and cannot be detected by in-built browser protection mechanisms and traditional antivirus programs.
