
A Malicious Firefox Add-On Targets Cryptocurrency Users

The Covid-19 pandemic has turned the world upside down in the last year and a half, leaving us with no option but to rely more on digital solutions, from food delivery to online banking. Needless to say, the more one relies on the digital world, the more vulnerable one becomes to online scams.

Now, scammers are targeting cryptocurrency users via a Firefox add-on named after SafePal. Dozens of Firefox users have fallen prey to an add-on masquerading as a valid extension of the SafePal cryptocurrency hardware wallet. What’s surprising is that this malicious add-on has lived on Mozilla’s Firefox web browser for almost seven months. 

SafePal is a cryptocurrency wallet application capable of safely holding over 10,000 asset types, including Bitcoin, Ethereum, and Litecoin. It is backed by Binance and is now used by over 2 million users in over 146 countries across the globe. While SafePal has official smartphone apps available on both the Apple App Store and Google Play, no genuine SafePal extensions are known to exist for the Firefox browser.

The issue was highlighted by one of the victims, named Cali, in the Firefox support group. “Today I browsed through the add-on list of Mozilla Firefox I was searching for Safepal wallet extension to use my cryptocurrency wallet also in the web browser. So, my searching ended on the following page: https://addons.mozilla.org/nl/firefox/addon/safepal-wallet/,” she wrote on the support page.

“8 hours later I checked if my funds were still saved on my phone software wallet also from Safepal I saw nothing $0,- balance I was deep in shock I saw my last transactions and saw that my funds ($4000),” she added.

As reported on the Safepal Wallet home page, the add-on was released on 16 February 2021. The same page says that the 235 KB add-on is a Safepal application that securely "saves private key locally." It also has product images and convincing-looking marketing materials.

In order to publish an add-on on Mozilla's website, developers are required to follow a thorough submission process. Firefox’s developer platform says that the submitted add-ons are "subject to review by Mozilla at any time." However, the extent of such a review isn’t specified, nor has Mozilla explained how the fake add-on managed to get listed. 

Fortunately, Mozilla Firefox has taken down the extension. “When we become aware of add-ons that pose a risk to security and privacy according to our Add-on Policies, we take steps to prevent them from running in Firefox. In this instance, shortly after we became aware of potential abuse by this extension, we took action to block and remove it from the Firefox Add-on store,” a Mozilla spokesperson stated.

Beware of New Advance Fee Fraud Scheme Targeting Cryptocurrency Users

Researchers at Proofpoint have detected a new series of email fraud campaigns trying to lure potential victims with the promise of a considerable amount of tax-free cryptocurrency.

In this new Advance Fee Fraud scheme, scammers employ advanced social engineering tactics: they send potential targets functioning sets of login credentials to fake cryptocurrency exchange platforms, then tempt them with the promise of being able to withdraw hundreds of thousands of dollars' worth of cryptocurrency from an already established account on the platform.

Sophisticated Campaigns 

Although similar to other conventional Advance Fee Fraud techniques, these new campaigns are highly sophisticated from a technical point of view and are fully automated. They also require substantial victim interaction, as a victim would first need to log in to the platform and create their own account on it to even begin trying to withdraw any cryptocurrency.

In a new write-up, Proofpoint researchers highlight that the use of cryptocurrency is notable because it delivers anonymity for both the scammer and the potential target. Potential victims may be drawn in by the idea that the money would be acquired anonymously and tax-free since it is in Bitcoin.

Proofpoint researchers say they first discovered the campaign in May 2021 using a coins45[.]com landing page. The most recent version, which started in July, directs potential victims to securecoins[.]net. 

According to the Proofpoint researchers, each email campaign has been sent to anywhere from tens to hundreds of recipients across the globe. However, emails from the same campaign contain the same credentials for all recipients, and it appears that multiple people can log in with the same user ID and password if they log in from a unique IP address and browser. The moment the potential target changes the password and adds a contact number, though, the account becomes exclusive and victims will not see any traces of other victims' activities.

Consumers who create an account on the phony cryptocurrency platform will see that there is 28.85 BTC in their bitcoin wallet. To withdraw this money, victims are first required to transfer 0.0001 BTC to ensure everything works smoothly. After successfully doing so, victims discover that the minimum withdrawal amount is 29.029 BTC and that they must add more money in order to be able to withdraw the full amount. However, even if they do add the required funds, they won't be able to withdraw all of their Bitcoin from their account on the platform.

As is the case with other email fraud campaigns, users need to remain cautious of any emails from unknown senders promising them a financial incentive. While Proofpoint has identified and brought to light a number of these campaigns, the firm's researchers believe that the scammers responsible will continue to evolve their strategies in future campaigns.