Wallet customers received an email enticing them to download malicious malware to steal their cryptocurrencies. Trezor confirmed that there was a gap in the list of email addresses subscribed to his newsletter.
The wallet users hardware of cryptocurrencies Trezor are the target of a new phishing campaign seeking to steal funds from unsuspecting investors. Over the weekend, several users of the popular crypto wallet took to Twitter to denounce the attempted attacks.
According to reports collected by Cointelegraphthe clients of Trezor they would have been contacted by malicious actors posing as the company via email. In that email, they received instructions to download an application from the domain “trezor.us“, which is different from the official domain name of Trezor“trezor.io“.
Users in the community shared screenshots showing the scam email, noting that the design of the scam looked almost identical to the official brand. “wow, this is the best phishing attempt I’ve seen in recent years. I’m really lucky I don’t have Trezor, because if I did, I’d probably download that update.“commented one on Twitter.
wow, @Trezor, this is the best phishing attempt I have seen in the last few years. I am really lucky I don’t have Trezor, because if I had, I would probably actually download that update. pic.twitter.com/DaBN2Oix11
— Tomas Kafka (@keff85) April 2, 2022
It should be noted that in an attack by phishinghackers mimic a trusted company, website, or application to steal passwords and extract funds from users, who access the fake site under the illusion that it is legitimate.
Trezor confirms scam and warns users
Because the threatened email addresses were specifically targeted at users of Trezora possible data breach was suspected.
The hardware company had that suspicion and said on Sunday in a tweet who was investigatinga potential data breach of a MailChimp-hosted newsletter subscription” after receiving several complaints from users. Trezor He also suggested his followers avoid opening emails identified as being from the company. Shortly after that day, the company confirmed this suspicion.
“mailchimp [ha] confirmed that their service has been compromised by an insider targeting crypto companies“said Trezor in a publication later. “We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected“.
We will not communicate via newsletter until the situation is resolved. Please do not open any email that appears to come from Trezor until further notice. Make sure you are using anonymous email addresses for Bitcoin related activities.
We will not be communicating by newsletter until the situation is resolved.
Do not open any emails appearing to come from Trezor until further notice. Please ensure you are using anonymous email addresses for bitcoin-related activity. two/
— Trezor (@Trezor) April 3, 2022
The phishing attack was reportedly an attempt to trick users into downloading malicious code under the guise of the desktop app. suite room from trezor, alleging an alleged false security breach in the company.
as reviewed cryptopotatoto carry out carried out the attack, the fraudsters would have downloaded the original source code of Trezor Suitewhich is open source, and would have created their own fake app modified to look identical to the legitimate one. The fake Suite, ironically, also had a notice at the top of the screen warning users about hacking attacks. phishing.
The domains of the campaign phishing, trezor(.)us, and suite(.)xn--trzor-o51b(.)com, have since been removed, the wallet company said on Twitter. The exact number of victims and funds committed after the massive threat were not disclosed.
Article by Hannah Estefanía Pérez / DailyBitcoin
WARNING: This is an informative article. DiarioBitcoin is a means of communication, it does not promote, endorse or recommend any investment in particular. It is worth noting that investments in crypto assets are not regulated in some countries. May not be suitable for retail investors as the full amount invested could be lost. Check the laws of your country before investing.