Security Firm Discovers Hackers Use Google and Microsoft to Steal Crypto

Online security company NetSkope has discovered a new crypto phishing scam that utilises Google and Microsoft Azure to trick users into handing over their information. The tactic involves using SEO techniques to distribute links to copycat pages.

Other Big Names Not Immune

It’s been discovered that hackers have improved their strategies and are utilising specific SEO techniques to increase interaction with phishing sites for imposter wallet apps and exchanges impersonating notable names such as MetaMask and CoinBase.

These phishing sites are often built on Google Sites or Microsoft Azure and can take a user’s info in two ways. They will either acquire the private seeds of the user’s wallet by prompting data importation, or will pilfer info from the accounts of the exchanges being impersonated using error messages:

In this campaign, we found that the attackers are abusing Google Sites and Azure Web App to host the pages, likely due to cost, ease-of-use, and to slightly increase the victim’s trust.

Advertisement

NetSkope blog post

NetSkope has strongly recommended that “users never enter credentials after clicking on a link” and instead navigate directly to the site they wish to use, and that organisations should employ secure web gateways that can block these types of attacks.

Security Firms Have Their Work Cut Out

With crypto theft an ongoing concern on the radars of most investors and regulators, luckily security firms are keeping a watchful eye out. At the beginning of April, global cybersecurity firm ESET uncovered a criminal plot to steal users’ digital assets via apps impersonating popular cryptocurrency wallets. The plot involved more than 40 copycat crypto wallet sites intended to promote downloads of malicious apps.

Earlier in the year, blockchain security firm CertiK identified a US$10 million rug pull on Arbix Finance. The firm warned users who had engaged with the protocol to avoid it, along with its ARBX token. CertiK allegedly found several red flags in Arbix via its Skytrace tool, which analyses fraud risk.