A crypto intelligence company has raised red flags over an increasing stream of comments in the crypto community about an ongoing phishing campaign, stealing money from people installing a malicious browser extension.
Chrome browser extension redirects crypto users to a fake metamask site
According to a warning published by Ciphertrace, they have been noticing “an increase in warnings and notes” since December 2, 2020 about crypto funds stolen through a Chrome browser extension masquerading as the ethereum (ETH)-based wallet Metamask.
The rogue extension redirects victims to installmetamask.com, which is not an official Metamask site. According to Whois, the web domain was registered on November 29, 2020. Ciphertrace discovered the first mention in Twitter of the fraudulent domain from a user who asked the Metamask team about the site’s authenticity.
The screenshots taken to the fake MetaMask site reflect the real one:
The fraudster pays for ads to promote phishing sites
In addition, US-based Ciphertrace posted an update on December 3, 2020, detailing that the phisher behind Metamask’s fake extension keeps buying sponsored ads on Google, which appear when people search for the term “metamask.”
This time, sponsored ads rely on other domain names by trying to impersonate Metamask. However, one of the domains (meramarks.io) has been offline since the press.
The company has been in touch with the crypto wallet company about the situation. Also Metamask issued the following warning via their official Twitter account:
@Google allows a phisher to purchase sponsored ads from their search results. If you are using crypto, try to use direct links, and if you must use search, look out for sponsored links.
Back on January 2, 2020, Google other way around his decision to ban the Metamask app from the Play Store, at the request of the crypto community.
In 2019 the company has argued that strict content policies for apps that expose users to “deceptive or harmful financial products and services” drove the ban.
Have you or a friend been the victim of similar crypto-related phishing attacks? Let us know in the comments below.
Image Credits: Shutterstock, Pixabay, Wiki Commons
Disclaimer: This article is for informational purposes only. It is not a direct offer or invitation to an offer to buy or sell, or a recommendation or endorsement of products, services, or companies. Bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.