
Attackers Masquerade as Support Agents to Bypass Cryptocurrency Exchange 2FA

Vlad CONSTANTINESCU

November 22, 2022


Researchers identified a new wave of phishing attacks seeking to steal cryptocurrency, with perpetrators trying to bypass multi-factor authentication (MFA) by masquerading as support agents for popular crypto platforms.

The attackers deployed several phishing sites using the Microsoft Azure Web Apps service and tricked victims into accessing them through fake suspicious activity emails or rogue transaction confirmation requests.

Security experts have been tracking the campaign since 2021 when it focused exclusively on Coinbase. However, recent analysis from cybersecurity firm PIXM shows the threat actors have broadened their range to include other popular platforms, such as Crypto.com, KuCoin and MetaMask.

The attack follows a four-step pattern:

  1. MFA and credential interception and relaying
  2. Impersonating a customer support agent
  3. Malicious remote desktop session
  4. Stealing the funds

After the victim lands on a phishing website associated with the campaign, they’re required to log in to their account. Regardless of the legitimacy of their credentials, the site prompts them with an MFA request. Attackers will then attempt to relay the credentials and MFA code to the legitimate platform while opening a chat window to engage with the user.

The threat actors pose as customer support agents and keep the victim chatting until they can log in to the victim's account, asking for credentials and MFA codes again if the initial ones fail or expire.

If the above techniques fail, the malicious group asks the victim to allow a remote desktop connection to their device through the popular “TeamViewer” utility. This lets attackers hijack their victims’ desktop sessions, bypass MFA, and log in to their crypto accounts. Finally, after authenticating to the victim’s account, perpetrators drain their wallets.

In the meantime, attackers try to keep the victim engaged in the chat so that they can bypass any unexpected bump in the road, such as additional confirmation emails or text messages.

Some simple tips to avoid falling prey to the malicious campaign above include:

  • Thoroughly check the URL; phishing websites often use URLs that are similar to legitimate websites (e.g., metammask, coinbsae, Crpyto.com)
  • Use an anti-phishing phrase on supported platforms
  • Note that phishing emails often have an alarmist tone, designed to trick you into panicking and accessing malicious URLs without carefully checking them
  • Check whether the sender’s domain matches the organization’s domain
  • Instead of clicking on URLs you receive via email, try looking up the website and accessing it manually
  • Don’t give out your credentials, MFA codes or wallet’s seed phrase to anyone
  • Refrain from giving unknown individuals access to your device via remote desktop software
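
As an added illustration of the URL check in the first tip (not code from the article or from PIXM), the Python example below flags hostnames whose labels are within one edit or one adjacent-letter swap of a platform name, which covers the three misspellings quoted above. The allow-list of legitimate domains and the sample URLs are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list: official domains of the platforms named in the article.
LEGIT = ("coinbase.com", "crypto.com", "kucoin.com", "metamask.io")
BRANDS = tuple(d.split(".")[0] for d in LEGIT)

def osa_distance(a, b):
    """Edit distance that also counts an adjacent-letter swap as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url):
    """Return ("ok" | "lookalike" | "unknown", matched brand or None)."""
    # urlsplit only parses a host when a scheme or leading "//" is present.
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    host = host.rstrip(".")
    if any(host == d or host.endswith("." + d) for d in LEGIT):
        return ("ok", None)
    # A brand name, or a near miss, in any label of a non-official host
    # (including a subdomain on shared hosting) is worth a manual look.
    for token in re.split(r"[.-]", host):
        for brand in BRANDS:
            if osa_distance(token, brand) <= 1:
                return ("lookalike", brand)
    return ("unknown", None)

# Constructed sample URLs; the misspellings are the ones quoted in the tips.
SAMPLES = [
    "https://www.coinbase.com/signin",
    "https://coinbsae.com/login",
    "http://Crpyto.com",
    "metammask.io/unlock",
    "https://kucoin-support.azurewebsites.net/",
    "https://example.org",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:45} {classify(url)}")
```

An "unknown" result only means no platform name was recognised in the hostname; it is not a verdict that the site is safe.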

Dedicated software such as Bitdefender Ultimate Security can keep you safe against phishing attacks and other e-threats, with features like:

  • Anti-phishing module that detects and blocks websites that masquerade as legitimate ones to steal your data or funds
  • Anti-fraud filtering system that warns you against websites that might try to scam you
  • Anti-spam module that filters irrelevant messages in your local email clients’ inboxes (Thunderbird, Microsoft Outlook)
  • Web attack prevention system that lets you know if a URL can be accessed safely and blocks known infected links
