"Blockchain Security Firm Warns of New MetaMask Phishing Campaign"

Halborn, a blockchain security firm, has issued an alert regarding a new phishing campaign targeting MetaMask cryptocurrency wallet users. The active phishing campaign, according to a post by Halborn's technical education specialist Luis Lubeck, used emails to target MetaMask users and trick them into providing their passphrase. To warn users of the new scam, the firm analyzed phishing emails received in late July. At first glance, the email appears to be legitimate, with a MetaMask header and logo, as well as messages informing users about Know Your Customer (KYC) regulations and how to verify their wallets. However, Halborn pointed out several red flags in the message. Two of the most obvious were spelling mistakes and a forged sender's email address. Furthermore, the phishing emails were sent from a bogus domain called "metamaks.auction." Another red flag, according to the firm, was the lack of personalization in the message. Hovering over the call-to-action button reveals a malicious link to a fraudulent website that prompts users to enter their seed phrases before redirecting them to MetaMask to empty their cryptocurrency wallets. Security researchers issued a warning in late July about the appearance of a new malware strain called Luca Stealer in the wild. The information stealer was written in the Rust programming language and is designed to target Web3 infrastructure such as cryptocurrency wallets. In February, a similar malware called Mars Stealer was discovered targeting MetaMask wallets. This article continues to discuss the new MetaMask phishing campaign and other discoveries of threats targeting cryptocurrency wallets. 

Cointelegraph reports "Blockchain Security Firm Warns of New MetaMask Phishing Campaign"