Fraudulent Crypto Browser Extension Redirects to a Fake Metamask Domain

A crypto intelligence firm has raised red flags about an increasing flow of comments in the crypto community about an ongoing phishing campaign, which is stealing funds from people who install a malicious browser extension.

Chrome Browser Extension Is Redirecting Crypto Users to a Fake Metamask Site

According to an alert published by Ciphertrace, since December 2, 2020, they have been noticing “an uptick of alerts and comments” about crypto funds stolen via a Chrome browser extension posing as the ethereum (ETH)-based wallet Metamask.

The fraudulent extension redirects victims to installmetamask.com, which is not an official site of Metamask. Per Whois information, the web domain was registered on November 29, 2020. Ciphertrace found out the first mention in Twitter of the fraudulent domain from a user who asked Metamask team about the site’s authenticity.

The screenshots taken to the fake MetaMask site mirrors the real one:

Fraudster Is Paying for Ads to Promote Phishing Site

Moreover, U.S.-based Ciphertrace posted an update on December 3, 2020, detailing that phisher behind Metamask’s fake extension keeps buying sponsored ads on Google, which appear when people search for “metamask” term.

This time, sponsored ads have been relying on other domain names by attempting to impersonate Metamask. One of the domains (meramarks.io), however, is offline as of press time.

if (!window.GrowJs) { (function () { var s = document.createElement(‘script’); s.async = true; s.type = ‘text/javascript’; s.src = ‘https://bitcoinads.growadvertising.com/adserve/app’; var n = document.getElementsByTagName(“script”)[0]; n.parentNode.insertBefore(s, n); }()); } var GrowJs = GrowJs || {}; GrowJs.ads = GrowJs.ads || []; GrowJs.ads.push({ node: document.currentScript.parentElement, handler: function (node) { var banner = GrowJs.createBanner(node, 31, [300, 250], null, []); GrowJs.showBanner(banner.index); } });

The firm has been in contact with the crypto wallet company about the situation. Also, Metamask issued the following warning through their official Twitter account:

@Google is allowing a phisher to buy sponsored ads on their search results. When using crypto, try to use direct links, and if you need to use search, watch out for sponsored links.

Back on January 02, 2020, Google reversed its decision to ban the Metamask app from the Play Store, as per request from the crypto community.

In 2019, the company argued that its strict content policy on apps that expose users to “deceptive or harmful financial products and services” was a reason for the ban.

Have you or a friend been a victim of similar crypto-related phishing scams? Let us know in the comments section below.

The post Fraudulent Crypto Browser Extension Redirects to a Fake Metamask Domain appeared first on Bitcoin News.

[…]
Learn more