Fraudulent Crypto Browser Extension Redirects to a Fake Metamask Domain

A crypto intelligence firm has raised red flags about an increasing flow of comments in the crypto community about an ongoing phishing campaign, which is stealing funds from people who install a malicious browser extension.

Chrome Browser Extension Is Redirecting Crypto Users to a Fake Metamask Site

According to an alert published by Ciphertrace, since December 2, 2020, they have been noticing “an uptick of alerts and comments” about crypto funds stolen via a Chrome browser extension posing as the ethereum (ETH)-based wallet Metamask.

The fraudulent extension redirects victims to installmetamask.com, which is not an official site of Metamask. Per Whois information, the web domain was registered on November 29, 2020. Ciphertrace found out the first mention in Twitter of the fraudulent domain from a user who asked Metamask team about the site’s authenticity.

The screenshots taken to the fake MetaMask site mirrors the real one:

Warning: Fraudulent Crypto Browser Extension Redirects to a Fake Metamask Domain
Fraudulent site’s screenshot

Fraudster Is Paying for Ads to Promote Phishing Site

Moreover, U.S.-based Ciphertrace posted an update on December 3, 2020, detailing that phisher behind Metamask’s fake extension keeps buying sponsored ads on Google, which appear when people search for “metamask” term.

This time, sponsored ads have been relying on other domain names by attempting to impersonate Metamask. One of the domains (meramarks.io), however, is offline as of press time.

The firm has been in contact with the crypto wallet company about the situation. Also, Metamask issued the following warning through their official Twitter account:

@Google is allowing a phisher to buy sponsored ads on their search results. When using crypto, try to use direct links, and if you need to use search, watch out for sponsored links.

Back on January 02, 2020, Google reversed its decision to ban the Metamask app from the Play Store, as per request from the crypto community.

In 2019, the company argued that its strict content policy on apps that expose users to “deceptive or harmful financial products and services” was a reason for the ban.

Have you or a friend been a victim of similar crypto-related phishing scams? Let us know in the comments section below.

Tags in this story
browser extension, crypto scam, cybersecurity, ETH, Ethereum (ETH), Ethereum wallet, Google Chrome, metamask, Metamask Wallet, Phishing, Phishing Sites, Wallets

Image Credits: Shutterstock, Pixabay, Wiki Commons

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

Read disclaimer