This article details breaking news of MEWKit as reported by RiskIQ.
In theory, cryptocurrency users enjoy safer financial transactions than traditional banking options. However, the visibility over the last year of crypto-hacks and of ransomware attacks that demand cryptocurrency has called this theory into question.
What’s more, digital threat management firm RiskIQ recently identified a new group of bad actors targeting Ethereum wallets with phishing schemes.
What is MEWKit, how does it work, and how can you protect yourself?
What It Is and How It Works
RiskIQ issued a press release on May 17th, 2018, at 6 AM Eastern Time detailing the attack. The phishing scam imitates MyEtherWallet’s front-end interface in order to steal credentials.
MEWKit then activates an “automated transfer system” to process the details obtained on the fake page for fund transfers. It works by injecting scripts into your active sessions, transferring ETH amounts shortly after you log in.
Researchers say that hackers prefer MyEtherWallet due to its ease of access and simplicity.
After infection and decryption, the group drains the account, but all MEWKit activity remains hidden. Threat Researcher Yonathan Klijnsma from RiskIQ elaborated on why the MEWKit attack should alarm people.
“This attack demonstrates how actors are changing their tactics to target the unique vulnerabilities of cryptocurrency’s surrounding services and implementations…”
Not Much on the Protection Front Yet
Researchers don’t yet know how MyEtherWallet users can best defend themselves. They also don’t yet know which criminal group initiated the MEWKit attacks.
But they advise MyEtherWallet users to be mindful of which URLs they use. Either use “…a bookmarked page for MyEtherWallet or type in the username yourself…”
You can access the full report on RiskIQ’s website after entering some information.