Router maker's support portal responds with MetaMask phishing

BleepingComputer has verified that the helpdesk portal of a router maker is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise.
The Canadian router manufacturer Mercku provides equipment to Canadian and European Internet service providers and networking companies, including Start.ca.
Support tickets acknowledged with MetaMask phishing.
Support requests submitted to router manufacturer Mercku are being auto-responded to with phishing emails, BleepingComputer has confirmed.
Action Required: Your account will experience temporary inaccessibility until you complete the update.
To prevent any inconvenience and potential loss of account access, we kindly request that you complete this mandatory update within the next 24 hours.
Start.ca, FibreStream, Innsys, RealNett, Orion Telekom, and Kelcom provide Mercku's equipment to their customers.
In our tests, we contacted Mercku via its Zendesk portal and received the above message in place of an automated acknowledgment.
MetaMask is a cryptocurrency wallet that uses the Ethereum blockchain and is available as a browser extension and a mobile app.
Given its popularity, MetaMask has often become a target for attackers including phishing actors and crypto scammers.
Attackers have abused such variations allowed by the IETF's specifications to target unsuspecting users with phishing attacks.
Whereas it is actually '10.0.0.1'. Note that a misleading userinfo subcomponent could be much longer than the example above.
In practice, the userinfo part of the URI scheme is rarely used, from a technical perspective.
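As an added illustration (not part of the original article or of any vendor's tooling), the following Python sketch shows how a mail filter could flag links whose authority carries a userinfo subcomponent and report the host that would really be contacted. The sample links, the `inspect_url` and `scan_body` names, and the "looks like a domain" heuristic are assumptions made for this example; only the `10.0.0.1` host comes from the text above.

```python
import re
from urllib.parse import urlsplit, unquote

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)

# Constructed sample message body (not the email from the article).
SAMPLE_BODY = """
<a href="https://wallet.example.com@10.0.0.1/update">Update now</a>
<a href="https://support.example.com-mandatory-update-step-1@10.0.0.1:8443/x">Details</a>
<a href="https://example.com/help/contact@example.com">Contact</a>
<a href="https://alice@intranet.example.net/">Intranet</a>
"""

def inspect_url(url):
    """Report the host a client would really contact and any userinfo in front of it."""
    parts = urlsplit(url)
    # Everything before the LAST '@' in the authority is userinfo, not the host.
    userinfo, at, _ = parts.netloc.rpartition("@")
    finding = {"url": url, "host": parts.hostname or "", "userinfo": None, "verdict": "ok"}
    if at:
        decoded = unquote(userinfo)
        finding["userinfo"] = decoded
        name = decoded.split(":", 1)[0]  # drop an optional ':password' part
        # Userinfo that itself looks like a domain name is the misleading case.
        finding["verdict"] = ("deceptive-userinfo" if DOMAIN_RE.search(name)
                              else "userinfo-present")
    return finding

def scan_body(text):
    """Return findings for every http(s) URL in text that carries userinfo."""
    return [f for f in map(inspect_url, URL_RE.findall(text)) if f["verdict"] != "ok"]

if __name__ == "__main__":
    for f in scan_body(SAMPLE_BODY):
        print(f"{f['verdict']:20} real host={f['host']:22} userinfo={f['userinfo']!r}")
```

An '@' that appears after the first '/' belongs to the path, so the third sample link is not flagged.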
Io service, which is a URL shortener abused by the attacker in this instance, further redirects the visitor to another website, hxxps://matjercasa.
BleepingComputer contacted Mercku's support and press teams over the weekend to notify them of this compromise and ask additional questions about how it occurred.
In the meantime, Mercku customers and prospects should refrain from using the manufacturer's support portal and interacting with any communications originating from it.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 01 Jul 2024 08:00:31 +0000

