Trezor, the multi-cryptocurrency hardware wallet maker, has announced that it was the target of a phishing campaign in which some users of its web wallet were redirected to a malicious website in an attempt to steal their credentials.
Trezor became aware of the phishing campaign when the company began receiving complaints from users about an invalid Secure Sockets Layer (SSL) certificate on the site.
Users who were directed to the bogus Trezor site were warned of memory damage with the message, “Error details: Your Trezor data loss! Please, recover seed to restore data.” The lack of a valid SSL certificate was a red flag, as was the awkward phrasing and poor grammar. Apart from the invalid certificate, however, the site looked genuine, with the correct domain shown in the address bar.
If users missed the first two red flags, the third should have confirmed that the site was not genuine: users were asked to enter their order number and their recovery seed. Trezor explained that the recovery seed must never be entered on a computer, let alone together with an order number; the seed should only ever be entered on the Trezor hardware device itself. Anyone who obtains the seed can take control of the wallet.
Trezor has said this was either a DNS poisoning attack or a BGP hijack. DNS poisoning exploits weaknesses in the DNS protocol, or in a resolver's cache, so that traffic intended for the legitimate site is directed to a malicious one. BGP hijacking, also known as prefix hijacking, is the takeover of a block of IP addresses by corrupting Internet routing tables via the Border Gateway Protocol. In either case the browser shows the real domain, which is why the certificate error was the most reliable signal that something was wrong: an attacker who redirects traffic to a server of their own still has to present a certificate for that server, and a self-signed or mismatched certificate produces a browser warning.
At present the exact attack method is not known and is still being investigated. Trezor contacted the hosting provider used by the attacker and the bogus website has now been taken down.
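As an added example that is not part of the original article or Trezor's own tooling, the script below models the two attack paths described above and the two client-side checks that tell them apart: comparing DNS answers across resolvers (which exposes a poisoned resolver but stays silent under a route hijack, since every resolver still returns the real address), and validating the presented certificate against the expected hostname, validity window and a pinned issuer (which catches both, and corresponds to the browser warning users reported). All hostnames, IP addresses, resolver names, issuer names and certificate contents are constructed sample data, not real records for trezor.io; the certificate dictionaries follow the shape returned by `ssl.SSLSocket.getpeercert()` so the same checks can be pointed at a live connection.

```python
# Added example, not Trezor's code. Models the two attack paths (DNS
# poisoning vs BGP hijack) and the client-side checks that distinguish them.
# All hostnames, IPs, resolver names and the issuer CN are constructed
# sample data, not real records for trezor.io.
from datetime import datetime, timezone
import ssl

GOOD_IPS = {"203.0.113.10", "203.0.113.11"}   # assumed legitimate addresses
EVIL_IP = "198.51.100.66"                     # assumed attacker address
PINNED_ISSUER = "Example Trusted CA"           # hypothetical issuer to pin
NOW = datetime(2018, 7, 1, tzinfo=timezone.utc).timestamp()


def dns_disagreement(answers, known_good=GOOD_IPS):
    """answers: {resolver: iterable of IP strings}. Returns sorted
    (resolver, [unexpected IPs]) for each resolver whose answer contains an
    address outside known_good. A poisoned resolver stands out; a BGP hijack
    does not, because DNS still returns the real address everywhere."""
    flagged = []
    for resolver, ips in answers.items():
        unexpected = set(ips) - set(known_good)
        if unexpected:
            flagged.append((resolver, sorted(unexpected)))
    return sorted(flagged)


def _name_matches(pattern, hostname):
    """Exact match or a single leftmost-label wildcard such as *.example.com."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*.") and hostname.endswith(pattern[1:]):
        rest = hostname[:-len(pattern[1:])]       # the part the "*" covers
        return bool(rest) and "." not in rest
    return False


def _rdn_value(name, key):
    """Read one attribute (e.g. 'commonName') from getpeercert()'s subject /
    issuer layout: a tuple of RDNs, each a tuple of (key, value) pairs."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None


def check_cert(cert, hostname, pinned_issuer_cn, now_ts):
    """cert: dict shaped like ssl.SSLSocket.getpeercert(); now_ts: Unix time,
    passed in so results are deterministic. Returns a list of problems (empty
    means the certificate passes). Catches both attack paths: redirecting
    traffic does not give the attacker a certificate chaining to the pinned CA."""
    problems = []
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    names = sans or [_rdn_value(cert.get("subject", ()), "commonName") or ""]
    if not any(_name_matches(n, hostname) for n in names):
        problems.append(f"name mismatch: certificate covers {names}, not {hostname}")
    if not (ssl.cert_time_to_seconds(cert["notBefore"]) <= now_ts
            <= ssl.cert_time_to_seconds(cert["notAfter"])):
        problems.append("outside validity window")
    issuer_cn = _rdn_value(cert.get("issuer", ()), "commonName")
    if issuer_cn != pinned_issuer_cn:
        problems.append(f"issuer {issuer_cn!r} is not the pinned {pinned_issuer_cn!r}")
    if issuer_cn == _rdn_value(cert.get("subject", ()), "commonName"):
        problems.append("self-signed certificate")
    return problems


# Constructed: what the legitimate site is assumed to present.
GOOD_CERT = {
    "subject": ((("commonName", "trezor.io"),),),
    "issuer": ((("organizationName", "Example CA Ltd"),),
               (("commonName", PINNED_ISSUER),)),
    "notBefore": "Jan 10 00:00:00 2018 GMT",
    "notAfter": "Jan 10 00:00:00 2019 GMT",
    "subjectAltName": (("DNS", "trezor.io"), ("DNS", "*.trezor.io")),
}
# Constructed: a self-signed certificate the phishing host might present. The
# address bar shows the right domain, but the browser raises a certificate error.
BOGUS_CERT = {
    "subject": ((("commonName", "trezor.io"),),),
    "issuer": ((("commonName", "trezor.io"),),),
    "notBefore": "Jun 20 00:00:00 2018 GMT",
    "notAfter": "Jun 20 00:00:00 2019 GMT",
    "subjectAltName": (("DNS", "trezor.io"),),
}


def poisoning_scenario():
    """One poisoned resolver hands out the attacker's address."""
    return dns_disagreement({"isp-resolver": {EVIL_IP},
                             "public-resolver-a": GOOD_IPS,
                             "public-resolver-b": GOOD_IPS})


def hijack_scenario():
    """Route hijack: DNS agrees everywhere, so nothing is flagged here."""
    return dns_disagreement({"isp-resolver": GOOD_IPS,
                             "public-resolver-a": GOOD_IPS})
```

Running `poisoning_scenario()` flags only the poisoned resolver, while `hijack_scenario()` returns an empty list: that silence is the point, and it is why `check_cert()` is the check that matters for both cases. Against the constructed `BOGUS_CERT` it reports a non-pinned issuer and a self-signed certificate even though the name and dates are fine, which is the same condition the users who complained to Trezor saw as a browser certificate warning.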