There’s a new phishing bot that’s targeting unsuspecting MetaMask users.
The digital currency wallet warned its users against the bot on Twitter. It reportedly poses as an instant support portal before attempting to mislead the users into giving up their seed phrases.
MetaMask has soared in popularity in recent years amid the rising adoption of digital currencies. The wallet recently revealed that it had crossed the five million users’ mark. It attributed the milestone to its rapid growth in the global south, including India, Indonesia, Vietnam, and Nigeria. This milestone came just six months after it hit one million users.
The rise of MetaMask has made it a target for scammers, and the latest is targeting social media users. MetaMask took to Twitter to alert its users of the phishing bot.
The malware uses an account that looks “common”. But only with a few followers, the wallet is revealed. Metamask explained that the bot “helpfully suggests filling out a support form on major sites like Google Sheets which are hard to block,”
On the Google Sheets, the bot tries to get the user to key in their seed phrase, through which they surrender control of their wallets to the scammers.
MetaMask reminded its users that the easiest way to avoid such scammers is to seek support from within the app.
“You will find that MetaMask always directs to our own domain, http://support.metamask.io. You don’t have to take my word for it! Check the menu in app!”
Metamask Calls For Community Support
The ewallet firm calls on everyone to assist in taking down such scammers and report them whenever they encounter them.
MetaMask is no stranger to phishing attacks. In one of the most significant attacks on its users; MetaMask reported a scam campaign in December that mimics its website and steals from unsuspecting users.
In a blog post, the MetaMask team stated that,
“In a rotten seed phrase attack, a malicious website mimics the website of the wallet the user is trying to install. The fake website takes the user through an imitation of the wallet’s onboarding flow directly inside of the scammer’s website (instead of where it would typically occur after the wallet is installed).”
Reaching the last part of the fake onboarding process,; the scammers instruct the user to back up their seed phrase as is the norm.
“However, the seed phrase provided was previously generated by the scammer. After backing up this rotten seed phrase, the user is taken to the wallet’s real website, and is instructed by the scammer to install the wallet and import the rotten seed phrase.”
At this phase, the scammers have taken complete control of their victim’s MetaMask wallet, and once he funds the account, they drain it instantly.
MetaMask additionally explained at the time that such scammers were even promoting their scams via paid ads on Google.
📣 Cryptonetwork.News is now on Telegram. Click here to join our channel and stay updated with the latest Cryptocurrency, Blockchain, and Cryptomining headlines.
No Comment