A new phishing campaign targeting Trezor hardware wallet users is in the wild, aiming to steal cryptocurrency from victims.
Trezor said that their users’ mailing list was stolen by a MailChimp insider, who may now be using it to send phishing emails to Trezor users, asking them to download a fake Trezor Suite app. The app is designed to steal the recovery phrase of users’ wallets, and with it the cryptocurrency balances they hold.
Trezor Suite App-Based Phishing Campaign
Long-term cryptocurrency holders who want to keep their coins safe often prefer hardware wallets like Trezor. This method of storage is safe compared to storing coins in the cloud or on a cryptocurrency exchange. Though it’s the most secure way, there are campaigns targeting Trezor users to steal the cryptocurrency in their hardware wallets.
We are investigating a potential data breach of an opt-in newsletter hosted on MailChimp.
A scam email warning of a data breach is circulating. Do not open any email originating from noreply@trezor.us, it is a phishing domain.
— Trezor (@Trezor) April 3, 2022
As Trezor acknowledged last week, a phishing campaign aimed at stealing Trezor wallets’ recovery phrases is in the wild. Trezor noted that its users’ mailing list was compromised at MailChimp, its email partner, where an insider stole Trezor’s user email list.
@Trezor WARNING: Elaborate Phishing attack.
This morning I received this message to BOTH my email addresses. On the surface it looks like a genuine message but I noticed it came from https://t.co/6T8nY84R6A and as such deleted it immediately. You may want to warn everyone. pic.twitter.com/BQSB2uV1JW
— Life in Defi (@lifeindefi) April 3, 2022
The threat actor then used the list to send phishing emails to Trezor users, with a fake data breach notification as the subject, asking them to download a fake Trezor Suite app. Unsuspecting users who click the app link are redirected to a phishing page hosting the fake app.
Trezor Suite is open source, so anyone can take the source code and modify it as desired. We expect the threat actors used this to build a malicious clone of the Trezor Suite app.
When users download and install the clone, they are asked to enter their 12-14 word recovery phrase to set up their wallet; if they do, the phrase is sent to the attackers’ C2 server. With it, the threat actors can remotely steal the stored cryptocurrency.
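A check a mail filter could run against this campaign's sender pattern, as an added example that is not from Trezor or the original article: it flags From headers that use the brand name outside an allowlist. The allowlist entry trezor.io, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

BRAND = "trezor"
# Assumption: trezor.io is treated as the vendor's legitimate sending domain.
ALLOWED_DOMAINS = {"trezor.io"}


def is_allowed(domain):
    """True for an allowlisted domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in ALLOWED_DOMAINS)


def classify_sender(raw_message):
    """Return 'ok', 'lookalike-domain', 'display-name-spoof' or 'unrelated'."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain and is_allowed(domain):
        return "ok"
    # Brand string in a domain that is not ours: trezor.us, trezor.io.example.net
    if BRAND in domain:
        return "lookalike-domain"
    # Brand only in the human-readable name, unrelated sending domain
    if BRAND in display.lower():
        return "display-name-spoof"
    return "unrelated"


# Constructed sample messages (not captured from the real campaign, except
# for the sender address that Trezor's warning names).
SAMPLES = {
    "campaign": "From: Trezor <noreply@trezor.us>\nSubject: notice\n\nbody",
    "subdomain": "From: Trezor <news@mail.trezor.io>\nSubject: news\n\nbody",
    "suffix_trick": "From: x@trezor.io.example.net\nSubject: notice\n\nbody",
    "name_only": "From: Trezor Security <alerts@example.net>\nSubject: a\n\nb",
    "other": "From: Alice <alice@example.org>\nSubject: hi\n\nbody",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} -> {classify_sender(raw)}")
```

A sender who forges an allowlisted From address passes this check, so it complements SPF, DKIM and DMARC enforcement rather than replacing it.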