New Phishing Scheme Targets Crypto Futures On MEXC Exchange Sead Fadilpašić | usagoldmines.com

The JFrog Security Research team has warned about a malicious package targeting crypto futures trading on the MEXC exchange, seeking to steal funds and leak trading credentials.

The team has published a report on April 15 detailing the “ccxt-mexc-futures” package, which uses the legitimate Cryptocurrency Exchange Trading (CCXT) library to redirect user trading requests to a malicious server.

The malicious party sets a domain, very similar to the legitimate one. In this case, a user can mistake the fake MEXC domain for a legitimate one.

Once a victim falls into the trap, the attackers can hijack all crypto and sensitive information that the trading request contains.

Therefore, attackers can also steal Application Programming Interface (API) keys and secrets. Subsequently, this compromises crypto trading accounts.

Per the researchers, “the use of obfuscation techniques and a fake MEXC website further demonstrates the sophistication of this phishing campaign.” The fake website is even promoted on Facebook.

Meanwhile, going into more detail, JFrog explains that the ccxt-mexc-futures package claims to extend the crypto trading capabilities via the CryptoCurrency eXchange Trading (ccxt) PyPI package.

This is a legitimate and popular crypto trading Python package that supports trading on many exchanges, including MEXC.

However, the attackers claim that the malicious package extends the legitimate CCXT package to support “futures” trade on MEXC.

Instead, to accomplish its goals, the malicious package overrides three relevant functions: describe, sign, and prepare_request_headers.

Adding, Rewriting, Redirecting, Stealing Crypto Futures

The report goes on to explain that the MEXC interface in CCXT defines a wide set of APIs to support different types of trading. The attackers targeted two of these APIs: contract_private_post_order_submit and contract_private_post_order_cancel.

Once the malicious ccxt-mexc-futures package overrides these two APIs, it adds a third one, spot4_private_post_order_place.

Therefore, users create, place, or cancel trading orders through these APIs that pose as the legitimate APIs of the CCXT library.

“Every time a user utilizes these entries, instead of using the CCXT-defined entries, they will use the attacker’s entries, specifying futures trading in the request,” the researchers say.

Notably, the attackers went even further. They made it so that a “BadRequest” response will change into an “OrderFilled” response, so that users think the order went through.

Also, as the malicious package overrides the sign function, if a user tries to communicate with MEXC using the package, the requests will go to the fake domain.

This also means sending the user token in the request header to the attackers.

If the user token is not supplied, the package will request the user to add it before making an order.

“If it is not a future-related entry, the package directs the flow to the original MEXC exchange implementation of the CCXT package,” the report notes.

Meanwhile, the researchers discovered two versions of the malicious package. They use different methods to hide and run arbitrary code on the computer of the victim who installed the package.

However, both methods are “very common ways for attackers to hide and run malicious payloads.”

As a response to this threat, JFrog says it has added the malicious Python packages to JFrog Xray to enable users to detect them immediately.

The post New Phishing Scheme Targets Crypto Futures On MEXC Exchange appeared first on Cryptonews.

This articles is written by : Nermeen Nabil Khear Abdelmalak

All rights reserved to : USAGOLDMIES . www.usagoldmines.com

You can Enjoy surfing our website categories and read more content in many fields you may like .

Why USAGoldMines ?

USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.