Blockchain security firm SlowMist has cautioned about a surge in phishing attacks carried out by impostors posing as journalists on the recently launched decentralized social network friend.tech.
The campaign was first flagged on October 14, when Twitter user Masiwei reported malicious code targeting friend.tech for account theft. According to the SlowMist Security Team’s investigation, the link shared by the attacker included a malicious JavaScript script.
Attacking Process
According to SlowMist’s findings, the malicious script specifically targeted friend.tech users, with a focus on Key Opinion Leaders (KOLs) who, due to their popularity, were likely to receive interview invitations. The attacker adopted a strategy of following people within the target’s Twitter network, creating a false sense of community when users visited the attacker’s Twitter page.
The modus operandi involved scheduling interviews, guiding users to join Telegram for the interview, and providing an outline. Users, believing the interaction to be legitimate, participated in a two-hour interview with apparent hosts, anticipating publication on a reputable news website.
After the interview, the attacker asked users to fill out a form and open a provided phishing link under the pretext of verification. The page behind the link, claiming to prevent impersonation, instructed users to verify their friend.tech account by dragging a “Verify” button to the bookmark bar and clicking on it after visiting the friend.tech website.
Upon opening the bookmark, which contained the malicious JavaScript script, users unknowingly exposed their friend.tech account credentials, including the password (2FA) and tokens associated with the embedded wallet Privy. This posed a significant risk, as both the user’s friend.tech account and the related funds were susceptible to theft.
“Our founder, Cos, also emphasized the severity of such attacks. If your independent password, i.e., the 2FA for friend.tech, is stolen, and you have set up information related to friend.tech and its embedded wallet Privy (including other relevant information in localStorage), then your private key plaintext can also be stolen.”
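A defender-side check for the bookmark technique described above, as an added example that is not from SlowMist or the original article: it walks a browser bookmarks file and flags `javascript:` bookmarks, rating as high risk those that reference storage or network APIs. The Chromium-style `Bookmarks` JSON layout, the indicator list and the sample data are assumptions constructed for illustration.

```javascript
// Added example: audit bookmarks for javascript: URLs (bookmarklets).
// Assumes a Chromium-style "Bookmarks" JSON: roots -> folders with
// "children"; leaf nodes carry "name" and "url".

// Heuristic indicator list chosen for this example (an assumption).
const SENSITIVE = ["localStorage", "sessionStorage", "document.cookie",
                   "fetch", "XMLHttpRequest", "sendBeacon"];

// Bookmarklet bodies are usually percent-encoded; decode before matching.
function decodeBody(url) {
  const body = url.trim().slice("javascript:".length);
  try { return decodeURIComponent(body); } catch { return body; }
}

// Returns one finding per javascript: bookmark, with its folder path.
function auditBookmarks(bookmarksJson) {
  const findings = [];
  const walk = (node, path) => {
    if (!node || typeof node !== "object") return;
    if (Array.isArray(node.children)) {
      for (const child of node.children) walk(child, path.concat(node.name || ""));
      return;
    }
    const url = typeof node.url === "string" ? node.url : "";
    if (!/^\s*javascript:/i.test(url)) return; // ordinary http(s) bookmark
    const hits = SENSITIVE.filter((s) => decodeBody(url).includes(s));
    findings.push({ name: node.name, folder: path.filter(Boolean).join("/"),
                    risk: hits.length ? "high" : "review", indicators: hits });
  };
  for (const root of Object.values(bookmarksJson.roots || {})) walk(root, []);
  return findings;
}

// Constructed sample input; the "Verify" body is inert and only names the APIs.
const SAMPLE = { roots: {
  bookmark_bar: { type: "folder", name: "Bookmarks bar", children: [
    { type: "url", name: "friend.tech", url: "https://www.friend.tech/" },
    { type: "url", name: "Verify",
      url: "javascript:/*%20constructed%20sample%20*/void%20[localStorage,fetch]" },
    { type: "folder", name: "Tools", children: [
      { type: "url", name: "Dark mode",
        url: "javascript:document.body.style.background='%23111'" } ] } ] },
  other: { type: "folder", name: "Other bookmarks", children: [] },
} };

console.log(auditBookmarks(SAMPLE));
```

Any `javascript:` bookmark runs with the privileges of whatever page is open when it is clicked, so even entries rated `review` deserve a manual look.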
Author: Chayanika Deka