Security News > 2022 > February > Microsoft offers defense against 'ice phishing' crypto scammers

Microsoft has some advice on how to defend against "Ice phishing" and other novel attacks that aim to empty cryptocurrency wallets, for those not already abstaining.
Ice phishing, as Microsoft describes it, is a clickjacking, or user interface redress, attack that "[tricks] a user into signing a transaction that delegates approval of the user's tokens to the attacker."
The recent $120m attack on BadgerDAO, for example, relied on a malicious injected script to enable ice phishing, which involved prompting users of the BadgerDAO web app to delegate the attacker to conduct transactions for them.
"In an 'ice phishing' attack, the attacker merely needs to modify the spender address to the attacker's address," said Christian Seifert, a security researcher at Microsoft, in a blog post.
Microsoft at least has an idea about how to mitigate cryptocurrency-focused attacks.
Seifert also offers web3 users advice on protecting themselves from threats like the BadgerDAO attack.
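The spender swap described above can be checked before signing. The following is an added example, not code from Microsoft's post or the article; it assumes the approval is a standard ERC-20 `approve(spender, amount)` call, and the allowlist, sample addresses, unlimited-allowance flag and function names are constructed for illustration.

```python
# ERC-20 approve(address,uint256) selector: first 4 bytes of keccak256 of the signature.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")
UNLIMITED = 2**256 - 1

# Constructed allowlist: spender contracts the user actually intends to authorise.
TRUSTED_SPENDERS = {"0x" + "11" * 20}

def decode_approve(calldata_hex):
    """Return (spender, amount) for an approve() call, or None for anything else."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if len(data) != 4 + 32 + 32 or data[:4] != APPROVE_SELECTOR:
        return None
    spender_word, amount_word = data[4:36], data[36:68]
    if any(spender_word[:12]):  # an address is left-padded with 12 zero bytes
        raise ValueError("malformed address word")
    return "0x" + spender_word[12:].hex(), int.from_bytes(amount_word, "big")

def review_approval(calldata_hex, trusted=TRUSTED_SPENDERS):
    """List reasons to hold back a signing prompt (empty list = nothing flagged)."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return []  # not an approve() call; outside the scope of this check
    spender, amount = decoded
    findings = []
    if spender not in {a.lower() for a in trusted}:
        findings.append(f"spender {spender} is not on the allowlist")
    if amount == UNLIMITED:  # added heuristic, not taken from the article
        findings.append("allowance is unlimited (2**256 - 1)")
    return findings

def build_approve(spender, amount):
    """Constructed helper: ABI-encode approve(spender, amount) for the samples."""
    addr = bytes.fromhex(spender.removeprefix("0x"))
    body = APPROVE_SELECTOR + addr.rjust(32, b"\0") + amount.to_bytes(32, "big")
    return "0x" + body.hex()

# Constructed samples: same call shape, only the spender (and amount) differ.
EXPECTED = build_approve("0x" + "11" * 20, 500)
SWAPPED = build_approve("0x" + "ab" * 20, UNLIMITED)

if __name__ == "__main__":
    for name, tx in (("expected", EXPECTED), ("swapped", SWAPPED)):
        print(name, review_approval(tx) or "ok")
```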
News URL
https://go.theregister.com/feed/www.theregister.com/2022/02/18/microsoft_ice_phishing/