Bleeping Computer reports that on Twitter users of Trust Wallet and MetaMask wallets are actively being attacked by the phishers posing as technical support. The goal of this campaign is to steal users’ cryptocurrency.
MetaMask and Trust Wallet mobile applications allow you to create wallets for storing, buying, sending and receiving various cryptocurrencies and NFTs. When the user first launches any of the applications, he is prompted to create a new wallet. As part of this process, you will need to come up with a 12-word recovery phrase and save it in a safe place, because the phrase is needed to create private keys to access the wallet. That is, anyone who knows this phrase can import the wallet to their device and use the funds stored in it.
A malicious campaign has been going on on Twitter for about two weeks. It all starts with the fact that an ordinary and real user of MetaMask or Trust Wallet complains on a social network about a certain problem that he faced (from the theft of funds and problems with access to the wallet, and difficulties using the application).
Scammers promptly respond to such tweets, posing as an application support service, or as another user who claims that Instant Support recently helped him with exactly the same problem. Messages recommend that future victims go to docs.google.com or forms.app to fill out a support ticket and get help.
After clicking on the link, the user will see a phishing page supposedly designed to fill out an application to support Trust Wallet or MetaMask. Here, the victim will be asked for an email address, name, asked to describe the problem, and then asked to enter a 12-word wallet recovery phrase.
If a gullible user falls for the bait of scammers and tells them his phrase, the attackers can import the victim’s wallet to their device and steal all the cryptocurrency.
Journalists note that in such a situation very little can be done, and the victims are unlikely to be able to recover their funds. The publication emphasizes that the phrase for restoring the wallet in no case should be disclosed to anyone, on any sites or applications.
ProApk on Google News – http://bit.ly/pro-apk-google-news
ProApk on Telegram – http://t.me/proapk_in
ProApk on Twitter – http://twitter.com/xdapirates
ProApk on Facebook – http://bit.ly/pro-apk-facebook