"RiskIQ researchers have discovered a phishing automated transfer system (ATS) dubbed MEWKit, which targets users of the Ethereum exchange MyEtherWallet.
What sets this new hacker tool apart is that it exceeds the capabilities of a typical phishing kit by leveraging characteristics of ATS malware to access and steal victims’ Ethereum funds directly from the exchange.
MEWKit consists of two parts: a phishing page mimicking the MyEtherWallet site and a server-side component that handles the wallets to which attackers transfer stolen funds once a phishing attack succeeds. While typical phishing pages usually redirect to the legitimate version of the website so the victim can log in again, MEWKit simply abuses MyEtherWallet’s unique access to the Ethereum network to make the transactions in the background.
Once a user logs in, MEWKit checks their wallet’s balance and requests a receiver address from the server side. It then leverages the standard MyEtherWallet functionality by setting the attacker-owned wallet as the receiving address and transferring out the victim’s entire balance.
The back end of MEWKit allows the attackers to monitor how much Ethereum has been collected, as well as keeping a record of private user keys and passwords which can potentially be used for further attacks.
In order to avoid falling for this form of attack, RiskIQ urges all MyEtherWallet users to use caution when using the platform.
"Please keep a very close eye on which URL you open, and, preferably, have a bookmarked page for MyEtherWallet or type the domain name yourself," warns the report, which also tells users not to use links claiming to be the service that have been sent via email or social media."
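The advice to watch the URL can be turned into a check that a mail gateway or browser helper runs on links before they are opened. The sketch below is an added example, not code from the RiskIQ report or from MyEtherWallet; it assumes `myetherwallet.com` is the bookmarked hostname, and every sample link is constructed.

```python
from urllib.parse import urlsplit

# Assumption: the hostname the user has bookmarked for MyEtherWallet.
TRUSTED_HOST = "myetherwallet.com"
BRAND = TRUSTED_HOST.split(".")[0]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'trusted', 'not-https', 'lookalike' or 'other' for a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host == TRUSTED_HOST or host.endswith("." + TRUSTED_HOST):
        return "trusted" if parts.scheme == "https" else "not-https"
    labels = host.split(".")
    # Internationalised labels can render as the brand with swapped glyphs,
    # so this strict check flags every such host for review.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "lookalike"
    # Brand name used as a subdomain, or split up with hyphens or dots.
    if BRAND in host.replace("-", "").replace(".", ""):
        return "lookalike"
    # A label within two edits of the brand name.
    if any(edit_distance(l, BRAND) <= 2 for l in labels):
        return "lookalike"
    return "other"


# Constructed sample links (reserved .example names), not taken from the report.
SAMPLES = [
    "https://www.myetherwallet.com/",
    "https://myetherwallet.com.login.example/",
    "https://myetherwalet.example/",
    "https://myetherwall\u0435t.example/",  # Cyrillic 'е' in place of Latin 'e'
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link}")
```

Only an exact match on the trusted hostname (or one of its subdomains) over HTTPS is accepted; everything that merely resembles it is reported rather than silently allowed.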