CipherTrace alerts Metamask of a phishing Chrome extension

CipherTrace posted a warning as well as a message to the Metamask team to help take down the malicious Chrome extension.

By · Dec 4, 2020 . 5min read


Popular cryptocurrency intelligence firm CipherTrace has called on Metamask to look into a phishing Chrome extension that has led to losses of funds.

In a website update, CipherTrace posted a warning as well as a message to the Metamask team to help take down the malicious Chrome extension. According to CipherTrace, the fraudulent browser extension is directing information to maskmeha[.]io, which then redirects to https[:]//installmetamask[.]com.

Digging further, the phishing website that the Chrome extension directs to was registered only a few days back. Specifically, looking up the domain on whois.com shows 25th November 2020 as the registration date.

CipherTrace also supplied the IP details of the malicious website.

First Seen Date: 11/26/20
Thumbprint: a7f5485707f9ff4dbb3bc75bf78e6029ea5add58

IPs:
172[.]67[.]203[.]220
104[.]27[.]160[.]92
104[.]27[.]161[.]92

Apparently, someone who goes by the handle @dmazorosete had already made the same complaint on Twitter a week back, calling on Metamask to intervene regarding the phishing URL.

Source: Twitter

Whale Community published a post with the Metamask phishing link.

For reference, Metamask’s official domain is metamask.io, a detail some users may not pay close attention to. For instance, CipherTrace reported that $WHALE Community published a post on Medium referencing the Metamask phishing link. On checking the link again, it appears WHALE Community has noticed the costly mistake and made the needed changes.
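The indicators and the official-domain check described above can be applied to web proxy logs. The following is an added example, not code from CipherTrace or Metamask: it refangs the published indicators and flags requests to them, plus any host that uses the Metamask name outside metamask.io. The log format, the sample lines and all function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL = "metamask.io"  # official domain named in the article
# Indicators as published (defanged) in the article.
DEFANGED = ["maskmeha[.]io", "https[:]//installmetamask[.]com",
            "172[.]67[.]203[.]220", "104[.]27[.]160[.]92", "104[.]27[.]161[.]92"]

def refang(value):
    """Turn a defanged indicator into a bare lowercase host or IP."""
    value = value.replace("[.]", ".").replace("[:]", ":").lower()
    return urlsplit(value).hostname if "://" in value else value

IOCS = {refang(v) for v in DEFANGED}

def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def within(host, domain):
    return host == domain or host.endswith("." + domain)

def classify(url):
    host = host_of(url)
    if within(host, OFFICIAL):
        return "official"
    if any(within(host, ioc) for ioc in IOCS):
        # IP hits are a weaker signal than domain hits: addresses can be shared.
        return "ioc-ip" if host.replace(".", "").isdigit() else "ioc-domain"
    if "metamask" in host.replace("-", ""):
        return "lookalike"  # brand name on a host that is not metamask.io
    return "other"

# Constructed proxy log (timestamp, client, method, URL); format is hypothetical.
SAMPLE_LOG = """\
2020-12-01T10:00:01Z 10.0.0.5 GET https://metamask.io/download.html
2020-12-01T10:00:07Z 10.0.0.8 GET http://maskmeha.io/
2020-12-01T10:00:08Z 10.0.0.8 GET https://installmetamask.com/
2020-12-01T10:02:30Z 10.0.0.9 GET http://104.27.160.92/
2020-12-01T10:05:12Z 10.0.0.7 GET https://meta-mask.example/wallet
2020-12-01T10:06:44Z 10.0.0.7 GET https://example.org/news
"""

def scan(log_text):
    """Return (client, host, verdict) for every request worth a look."""
    hits = []
    for line in log_text.splitlines():
        _ts, client, _method, url = line.split(maxsplit=3)
        verdict = classify(url)
        if verdict not in ("official", "other"):
            hits.append((client, host_of(url), verdict))
    return hits
```

The suffix comparison in `within` is what keeps a host such as `metamask.io.login.example` from being treated as official; it is reported as a lookalike instead.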

Meanwhile, Metamask has called out Google for allowing phishing ads that mimic the real Metamask to run on Google Ads and remain there for days. The ads display on Google’s front page whenever you run a search on the word “Metamask”. Google hasn’t replied or made any attempt to take down the malicious ad.

Brad Garlinghouse, CEO of Ripple, recently made a similar comment on issues of this sort. Just as domain registrars and hosting services have allowed the phishing Metamask website to remain online, Ripple clones have been allowed to remain online as well.
