Microsoft offers defense against 'ice phishing' crypto scammers (February 2022)
Microsoft has some advice on how to defend against "Ice phishing" and other novel attacks that aim to empty cryptocurrency wallets, for those not already abstaining.
Ice phishing, as Microsoft describes it, is a clickjacking, or user interface redress, attack that "[tricks] a user into signing a transaction that delegates approval of the user's tokens to the attacker."
The recent $120m attack on BadgerDAO, for example, relied on a maliciously injected script to enable ice phishing: users of the BadgerDAO web app were prompted to authorize the attacker to conduct transactions on their behalf.
"In an 'ice phishing' attack, the attacker merely needs to modify the spender address to the attacker's address," said Christian Seifert, a security researcher at Microsoft, in a blog post.
Microsoft at least has an idea about how to mitigate cryptocurrency-focused attacks.
Seifert also offers web3 users advice on protecting themselves from threats like the BadgerDAO attack.
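As an added illustration of the spender-address point above (not code from Microsoft or The Register), the following check decodes a pending approval and compares its spender against an allowlist before the user signs. It assumes the approval is a standard ERC-20 `approve(address,uint256)` call; the function names, the allowlist policy and the sample addresses are hypothetical and constructed for the example.

```javascript
// Added example (not from the article): review ERC-20 approve() calldata before signing.
const APPROVE_SELECTOR = "095ea7b3"; // 4-byte selector of approve(address,uint256)
const MAX_UINT256 = (1n << 256n) - 1n;

// Returns { spender, amount } for an approve() call, or null for any other call.
function decodeApprove(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex)) throw new Error("calldata is not hex");
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  if (hex.length !== 8 + 64 + 64) throw new Error("malformed approve() calldata");
  const spenderWord = hex.slice(8, 72);
  // An ABI-encoded address is a 32-byte word: 12 zero bytes, then the 20-byte address.
  if (!spenderWord.startsWith("0".repeat(24))) throw new Error("bad address padding");
  return { spender: "0x" + spenderWord.slice(24), amount: BigInt("0x" + hex.slice(72)) };
}

// Hypothetical policy: block unknown spenders, warn on unlimited allowances.
function reviewTransaction(tx, trustedSpenders) {
  const call = decodeApprove(tx.data);
  if (call === null) return { verdict: "not-approval", reasons: [] };
  const trusted = new Set(trustedSpenders.map((a) => a.toLowerCase()));
  const reasons = [];
  if (!trusted.has(call.spender)) reasons.push("spender not on allowlist: " + call.spender);
  if (call.amount === MAX_UINT256) reasons.push("unlimited allowance requested");
  const verdict = !trusted.has(call.spender) ? "block" : reasons.length ? "warn" : "allow";
  return { verdict, spender: call.spender, amount: call.amount, reasons };
}

// Constructed sample data: placeholder addresses, not real contracts.
const TRUSTED = ["0x1111111111111111111111111111111111111111"];
const UNKNOWN = "0x2222222222222222222222222222222222222222";
function encodeApprove(spender, amount) {
  const word = (h) => h.padStart(64, "0");
  return "0x" + APPROVE_SELECTOR + word(spender.slice(2).toLowerCase()) + word(amount.toString(16));
}
const SAMPLES = {
  expected: { data: encodeApprove(TRUSTED[0], 500n) },
  swappedSpender: { data: encodeApprove(UNKNOWN, MAX_UINT256) },
  transfer: { data: "0xa9059cbb" + "0".repeat(128) }, // transfer(address,uint256), not an approval
};
for (const [name, tx] of Object.entries(SAMPLES)) {
  console.log(name, reviewTransaction(tx, TRUSTED).verdict);
}
```

The web app's interface looks identical in the `expected` and `swappedSpender` cases; only the decoded spender differs, which is why the check works on the calldata rather than on what the page displays.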
News URL
https://go.theregister.com/feed/www.theregister.com/2022/02/18/microsoft_ice_phishing/