Connect with us

Bitcoin News

Security Researcher Tears Up a Binance Scam Site to Find the Hackers

Published

on

In a six hour trek through an insecure server, security researcher Harry Denley was able to reconstruct – and apparently shut down – a clever phishing attack that is targeting users of the Binance crypto exchange.

His Medium post details the activity on a phishing site – logins-binance.com12754825.ml – that was collected logins and two-factor codes from confused users. The server presented what looked like a standard Binance login and the user would type in their credentials and then be forced to wait, presumably while the hackers logged in on their side.

Luckily the server was wide open and Denley was able to find tools, logs, and even email addresses for the hackers.

Image via Medium

Jeremiah O’Connor (security researcher at Cisco) forwarded me a domain that has been phishing for Binance logins — logins-binance.com12754825.ml.

This domain has a different phishing kit to previous ones we’ve seen, as it changes the user sign-in journey to collect personal information to eventually use in social engineering methods — this server does not communicate with the Binance domain.

The code also sent emails to various bad actors. The domains he found, including the nonsensical com12754825.ml one, seem to have been shut down and emails to the embedded addresses went unanswered. As we see, security is almost 90% about making sure that login screens and URLs look right and the rest, it seems, is luck.

Denley is Director of Security at MyCrypto.com and he last reported on a massive hole in an open source paper wallet generator.

Header image via Coindesk Archive

Like what you read? Give us one like or share it to your friends
original post…

Continue Reading
Advertisement
Advertisement

Recent Posts

Copyright © 2019 The Crypto Report