Hackers build like-for-like open-source app to try and steal crypto – PC Gamer

Just enter that incredibly important key phrase here, thank you.
Phishing attacks have already been proven to be a danger to all kinds of PC users in 2022 but are especially rampant in crypto and NFT spaces. We’ve already seen scammers use Discord to try to steal cryptocurrencies, and NFTs swindled in the OpenSea phishing scam.
Now the cryptocurrency wallet provider Trezor has found its users under attack. As reported by Bleeping Computer, Trezor’s mailing list was used to target users and trick them into downloading a fake version of the software designed to steal their crypto assets.
The original Trezor software is open source, so the code is available to download and, in this case, be manipulated by others. It’s likely this spoofed version is just ever so slightly changed from the original, as it still even has the Trezor banner warning customers to beware of phishing scams.
Once downloaded, the software asks for a recovery phrase that would have been set by the user when setting up their wallet the first time. This recovery phrase acts as a key to get back into the wallet if lost. Once the user enters the key, then it’s game over. The recovery phrase is sent back to the scammers who can now claim all your crypto assets for themselves.
It goes without saying that you should always be incredibly careful using recovery keys for anything online. With phishing scams this sophisticated it can be incredibly difficult to tell a legitimate site or program from a fake. Even the websites associated with the download for this particular scam looked legitimate due to the use of special characters. It’s always a good idea to double check anything asking for a security key or password; there are absolutely dragons out there.
Trezor believes this particular dragon targeted one of its newsletters hosted on the automated email platform Mailchimp, which was then co-opted for nefarious purposes. Trezor also stated in a tweet that Mailchimp confirmed that an insider had targeted crypto companies, but there’s yet to be a statement from Mailchimp itself on the issue.
MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. 1/ April 3, 2022
For now it’s best to treat every email with a bit of suspicion, and definitely do a few checks before handing over any information, or installing files onto your PC. Logging into the service normally on a different browser or machine is always a smart step if something looks suspicious. Typing links manually instead of clicking on them, and double checking them against the known website is also a good move to avoid trouble.
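The check described above, comparing a link against the known website and watching for special characters in the domain, can be automated. The following Python is an added example, not code from Trezor or from the original article; the allowlist and every sample hostname used with it are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: hostnames the user already trusts (constructed sample allowlist).
KNOWN_HOSTS = {"trezor.io", "suite.trezor.io"}

def to_unicode_host(host: str) -> str:
    """Decode punycode (xn--) labels so the check sees what a browser may display."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # malformed punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)

def skeleton(host: str) -> str:
    """Strip combining marks (accents, dots) so an accented 'e' compares equal to 'e'."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def classify_link(url: str) -> str:
    """Return 'known', 'lookalike', 'non-ascii' or 'unknown' for the URL's host."""
    shown = to_unicode_host(urlsplit(url).hostname or "")
    if shown in KNOWN_HOSTS:
        return "known"
    # Matches a trusted host only after accents are removed: treat as a spoof.
    if skeleton(shown) in KNOWN_HOSTS:
        return "lookalike"
    # Letters borrowed from other scripts (e.g. Cyrillic) do not decompose,
    # so any remaining non-ASCII character is flagged for manual review.
    if any(ord(c) > 127 for c in shown):
        return "non-ascii"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, not indicators from the real campaign.
    for link in ("https://suite.trezor.io/start",
                 "https://suite.tr\u00e9zor.io/download",
                 "https://tr\u0435zor.io/"):
        print(link, "->", classify_link(link))
```

A result of "lookalike" or "non-ascii" on a link that claims to come from a wallet vendor is a reason to type the known address manually instead.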
With all these hacks targeting cryptocurrencies in particular, it could be that avoiding them altogether may also be the best way to stay safe out there in these interesting times. And don’t forget to update your passwords!
Hope’s been writing about games for about a decade, starting out way back when on the Australian Nintendo fan site Vooks.net. Since then, she’s talked far too much about games and tech for publications such as Techlife, Byteside, IGN, and GameSpot. Of course there’s also here at PC Gamer, where she gets to indulge her inner hardware nerd with news and reviews. You can usually find Hope fawning over some art, tech, or likely a wonderful combination of them both and where relevant she’ll share them with you here. When she’s not writing about the amazing creations of others, she’s working on what she hopes will one day be her own. You can find her fictional chill out ambient far future sci-fi radio show/album/listening experience podcast at BlockbusterStation.buzzsprout.com. No, sadly she’s not kidding. 