Video wird geladen...

Video konnte nicht geladen werden

Zur Startseite

I'm currently working on reviving the OG social engineering technique for phishing attacks to be natively supported in Evilginx Pro. The Browser-in-the-Browser (BITB) technique (pioneered by mr.d0x) is making a well-deserved comeback soon. - Displays a fake OS pop-up window with the phishing page rendered within. 🖼️ - Customisable...

33,412 Aufrufe • vor 9 Tagen •via X (Twitter)

0 Kommentare

Keine Kommentare verfügbar

Kommentare vom Original-Post werden hier angezeigt

Ähnliche Videos

🚨 New Crypto Pop-Up Is Draining Users 🚨 If you use a crypto wallet, you're familiar with the embedded browser pop-up that prompts you to sign transactions. However, scammers are now exploiting this in an updated scam tactic. When a user navigates to a scam site via social engineering, sponsored scam ads, or scam comments on X with a look-alike link, it mirrors the real website, in this case, to claim a Jupiter airdrop (not real). The website mirrors the real site exactly and follows the normal flow: clicking "connect wallet," then detecting which wallets you have installed in the browser. In this VM, I have MetaMask 🦊 and Phantom installed, so it detected both. I was already logged into MetaMask, so when I clicked on it, instead of prompting me within the MetaMask browser extension, it created a new pop-up window (separate browser window) impersonating MetaMask, displaying the URL and mimicking the real MetaMask behavior. Since my MetaMask wallet was empty, it said I "was not eligible". But if I had any funds in the wallet, it would have prompted for a wallet-draining signature/approval. When I tested with Phantom, it followed the same flow. However, because I wasn't logged into Phantom, the fake window impersonating Phantom popped up first, followed by the real Phantom prompt within the browser asking me to log in so that way the scam window pop up could prompt me for a scam approval/signature to drain that wallet after I logged into my legit wallet. While you may be watching this closely and catching the red flags, like the scam Vercel app URL showing in the address bar, many people don't read anything when prompted for a wallet connection or signature. They simply click. This scam has already drained many wallets because people click without taking even one second to review what they're signing. Always, no matter what, take at least a few seconds to review what you're signing in your wallet each time. Something as simple as noticing the URL bar could save you from losing everything….. Stay Safe & Stay Vigilant

NFT_Dreww.eth

47,397 Aufrufe • vor 5 Monaten