Metamask provides a cryptocurrency wallet for its users.
Users can access the web3 ecosystem of decentralized apps on Metamask.
Metamask was developed on the Ethereum network and came as a browser plugin like every other browser plugin.
Consensys Software inc developed Metamask and could be deployed in a mobile app or a browser extension.
Metamask warned apple users that a phisher could attack their iCloud.
iPhones, Mac, and iPad users are liable to a phishing attack that will lead to the loss of their digital assets in their Metamask wallets.
The attack is related to default device settings, making the "password encrypted Metamask vault" accessible to unauthorized users.
Several people fell victim before Metamask made the announcement.
Blockchain technology is riddled with different forms of attack. This is not strange because the cyberattack is a thriving venture.
Blockchain developers continue to devise various tools and mechanisms to ensure that these attackers do not have unauthorized access to people's blockchain wallets and transactions.
One of those mechanisms is to detect imminent attacks and alert all stakeholders and users of the blockchain platform. Something similar occurred when metamask sent out notifications to all Apple users to beware of iCloud phishing attacks.
Not to worry, this article will give the complete details about metamask, what the phishing attack looks like, and the notification to iCloud users.
What Is Metamask?
Metamask is a cryptocurrency wallet where users can access the web3 ecosystem of decentralized applications.
The web3 is a decentralized internet, likewise the cryptocurrency, and to use these decentralized protocols, you need a user-friendly interface like Metamask.
Metamask comes as a browser plugin like every other browser plugin and serves as an Ethereum wallet. Once you install the Metamask, you can store your Ether token and every other ERC-20 token.
Metamask allows you to connect to the Ethereum-based Decentralized apps, spend the Ether tokens in virtual games, stake tokens in gambling applications, and make tradings on decentralized exchanges (DEX).
Metamask is developed by Consensys Software inc and could be deployed in a mobile app or a browser extension. This blockchain software focuses solely on Ethereum-based protocols and Infrastructure.
Now we can move to the Imminent phishing attack and how Metamask notifies Apple users over the iCloud phishing attack.
Metamask Warns Apple Users To Stay Alerted
Several weeks ago, Metamask added an update to enable Apple users to buy digital assets with Apple Pay. This foray into the Apple ecosystem, however, came with its challenges.
The challenge is the iCloud Phishing attack.
Metamask has sent out a warning to the internet community (at large), particularly Apple users, concerning the Apple iCloud phishing attack.
For those who use iPhones, Mac, and iPad, the issue is related to default device settings, making the "password encrypted Metamask vault" accessible to unauthorized users. The password-encrypted Metamask vault is stored on the Cloud once the user enables the automatic backup settings for their application data.
The announcement was made on Metamask's Twitter page following a thread posted on Monday. Metamask made it known that their esteemed customers who use Apple devices are liable for the attack.
These users risk losing their funds if their Apple password is weak, and a potential attacker might be able to phish their account details.
Investigation showed that what prompted the warning and alert from Metamask was a report by a Non-Fungible Token (NFT) collector whose Twitter handle is “revive_com.” He stated that their entire wallet with about $650 000 worth of digital assets and NFT collections was wiped away.
In a similar report, “Serpent,” the project founder of DAPE NFT, made another thread and shared it with their over 277,000 followers. The thread detailed how the attack happened to the victim, and it gained the attention of Metamask.
The thread showed that the victim received text messages requesting that he reset his Apple ID password. Shortly after, the victim was said to have received a supposed call from Apple.
Revive.com said they fell for the trick and released their six-digit verification code to prove ownership of the account, as requested by the caller. The caller used this digit to access the Metamask account via the data stored on iCloud.
It was reported that Revive_com lost three MAYC and three Gutter Cat NFTs alongside 100,000 worth of Ape tokens.
I opine that the Revive_com handler who received the call and gave out such a vital detail without verifying the caller's authenticity made a big mistake.
In this era of cybercrime and hacking, such a call should have been confirmed before releasing any details of your Apple ID and sharing it with their over 277,000 followers. The thread detailed how the attack happened to the victim and gained the attention of Metamask.
The Twitter thread showed that the victim received text messages requesting that he reset his Apple ID password. Shortly after, the victim was said to have received a supposed call from Apple. Revive.com said they fell for the trick and shared the digits.
In a similar vein, experts, victims, and other cryptocurrency enthusiasts expressed displeasure on why Metamask, the wallet provider, will store user seed phrases without their knowledge. They also emphasized the importance of cold wallet storage to protect their digital assets.
Metamask further added that fixing the issue is quite simple. You can disable automatic iCloud backups for Metamask in your Apple backup storage.
Users can shut down unrequested backup by disabling iCloud backup in the phone settings. It is best advised that users create a strong password for their Apple ID and Metamask wallet.
Conclusion
Phishing and other cyberattacks on blockchain wallets and transactions are becoming rampant. Developers of these tools need to put additional security measures and firewalls to reduce these attacks to the barest minimum.
It is strongly advised that you should verify the authenticity of callers before disclosing essential details of your blockchain wallet and every other important information. It is easy for these attackers to pretend to be from trusted sources.
Metamask has released the warning to the entire public, and it is expected that all users, not only Apple users, will follow the security measures and do the needful.
Author:
Valentine. A, Gate.io Researcher
This article represents only the researcher's views and does not constitute any investment suggestions.
Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all cases, legal action will be taken due to copyright infringement.