In just a few days, hackers managed to intercept almost $18,000 in cryptocurrency.
An extensive network of phishing sites masquerading as the popular self-destructing messaging service Privnote was recently discovered in cyberspace. These sites are designed to look and function like a real Privnote, but with one major difference: if a message contains cryptocurrency wallet addresses, they are automatically replaced with addresses controlled by fraudsters.
The original Privnote website, launched in 2008, uses encryption technology to create messages that can only be read once. Privnote's appeal among cryptocurrency enthusiasts has made it a constant target for phishers creating clone sites to intercept cryptocurrency payments.
The situation escalated when one of these phishing sites — privnote[.co-filed threats of legal action against MetaMask, claiming that it was wrongly marked as fraudulent. In response to these threats, a MetaMask representative posted screenshots confirming the site's fraudulent activity.
These sites attract new users by manipulating the results of search engines to get high positions in the search results for queries related to Privnote.
Particular attention is drawn to the connection of some of these phishing domains with other fraudulent campaigns, as well as with the doxing of activists, for example, through the hkleaks [.] ml website, which discloses the personal information of pro-democracy activists in Hong Kong.
According to the investigation, within a few days of March 2024 alone, fraudsters were able to intercept and transfer almost $ 18,000 in cryptocurrencies through such phishing sites. This indicates the high profitability of their activities and underlines the need for vigilance when using both cryptocurrency services and encrypted communications services.
An extensive network of phishing sites masquerading as the popular self-destructing messaging service Privnote was recently discovered in cyberspace. These sites are designed to look and function like a real Privnote, but with one major difference: if a message contains cryptocurrency wallet addresses, they are automatically replaced with addresses controlled by fraudsters.
The original Privnote website, launched in 2008, uses encryption technology to create messages that can only be read once. Privnote's appeal among cryptocurrency enthusiasts has made it a constant target for phishers creating clone sites to intercept cryptocurrency payments.
The situation escalated when one of these phishing sites — privnote[.co-filed threats of legal action against MetaMask, claiming that it was wrongly marked as fraudulent. In response to these threats, a MetaMask representative posted screenshots confirming the site's fraudulent activity.
These sites attract new users by manipulating the results of search engines to get high positions in the search results for queries related to Privnote.
Particular attention is drawn to the connection of some of these phishing domains with other fraudulent campaigns, as well as with the doxing of activists, for example, through the hkleaks [.] ml website, which discloses the personal information of pro-democracy activists in Hong Kong.
According to the investigation, within a few days of March 2024 alone, fraudsters were able to intercept and transfer almost $ 18,000 in cryptocurrencies through such phishing sites. This indicates the high profitability of their activities and underlines the need for vigilance when using both cryptocurrency services and encrypted communications services.
