Modal Phishing Attacks Targeting Mainstream Wallets: What You Need to Know

It is reported that the security company CertiK disclosed on social media that hackers are carrying out \”modal phishing\” attacks on mainstream wallets such as MetaMask, and control

Modal Phishing Attacks Targeting Mainstream Wallets: What You Need to Know

It is reported that the security company CertiK disclosed on social media that hackers are carrying out “modal phishing” attacks on mainstream wallets such as MetaMask, and controlling the “modal window” of unmanaged wallets by sending phishing messages to mobile wallets identified as legitimate decentralized applications (dApps), in order to induce their owners to approve wrong transactions, The user may think that he or she is approving a ‘security update’ through the MetaMask wallet. The CertiK team reminds and emphasizes that users should be very cautious and even skeptical about every unknown transaction request – even those marked as security upgrades.

Security company: hackers are carrying out “modal phishing” attacks on mainstream wallets such as MetaMask

Introduction

CertiK, a leading security company, recently disclosed on social media about the emergence of “modal phishing” attacks that are targeting mainstream wallets such as MetaMask. These attackers are controlling the “modal window” of unmanaged wallets by sending phishing messages to mobile wallets that are recognized as legitimate decentralized applications (dApps). The aim of the attackers is to trick users into approving wrong transactions that they believe to be a security update through their MetaMask wallet.

What is Modal Phishing?

Modal phishing is a type of attack where the hackers manipulate the modal window of the user’s wallet user interface (UI). The modal window is a pop-up window that appears when a user is performing a transaction or other activity on their wallet. In this type of phishing attack, the hacker creates a fake modal window that mimics the legitimate window of the wallet UI. The purpose of this fake window is to trick the user into inputting their private key.

How Hackers are Carrying Out Modal Phishing Attacks

According to the CertiK team, the hackers send phishing messages to mobile wallets that are recognized as legitimate dApps. These phishing messages are designed to entice the users to update their wallets, and when the user clicks on the message, a malicious website is opened, giving the hacker access to the user’s wallet. The hacker then proceeds to initiate a transaction request and tricks the user into approving the transaction by creating a fake modal window that looks identical to the wallet UI.

How to Stay Safe from Modal Phishing Attacks

The CertiK team has advised users to be very cautious and even skeptical of every unknown transaction request – even those marked as security upgrades. You can also take some practical steps to protect yourself from modal phishing attacks. These include:
1. Only download wallets and dApps from trusted sources.
2. Never input your private key on any website other than the official wallet UI.
3. Always verify the URL of a website before inputting your private key.
4. Use two-factor authentication (2FA) to secure your wallet.
5. Enable a hardware wallet if available.
6. Regularly update your wallet and dApps to the latest version.

Conclusion

Modal phishing attacks represent a new challenge for the cryptocurrency community. The attackers are becoming more sophisticated, and the risks associated with these attacks are high. As a user, you must stay alert and implement best practices to protect yourself from these attacks. Always be skeptical about every unknown transaction request and never input your private key on any website other than the official wallet UI.

FAQs

1. What is modal phishing?
Modal phishing is a type of attack where the hackers manipulate the modal window of the user’s wallet user interface (UI).
2. How do hackers carry out modal phishing attacks?
Hackers carry out modal phishing attacks by sending phishing messages to mobile wallets that are recognized as legitimate dApps. When the user clicks on the message, a malicious website is opened, giving the hacker access to the user’s wallet.
3. How can I stay safe from modal phishing attacks?
To stay safe from modal phishing attacks, you should only download wallets and dApps from trusted sources, never input your private key on any website other than the official wallet UI, always verify the URL of a website before inputting your private key, use 2FA to secure your wallet, and regularly update your wallet and dApps to the latest version.

This article and pictures are from the Internet and do not represent Fpips's position. If you infringe, please contact us to delete:https://www.fpips.com/14624/

It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.