Modal phishing: a new security threat to Web3 mobile wallets
Web3 Mobile Wallet New Scam Demystified: Modal Phishing Attack
Recently, a new phishing technique targeting Web3 mobile wallets has caught the attention of security researchers. Dubbed "Modal Phishing," the technique mainly misleads users by manipulating the modal windows of mobile wallets.
An attacker can send a fake message to a mobile wallet, impersonate a legitimate decentralized application (DApp), and display misleading content in the wallet's modal window to trick users into approving the transaction. This phishing technique is now widely used. The relevant component developers have confirmed that a new validation API will be released to reduce risk.
Principles of modal phishing attacks
Modal phishing attacks are mainly carried out against the modal windows of crypto wallets. A modal window is a commonly used UI element in mobile apps, typically displayed on top of the main window, for quick actions such as approving or rejecting a transaction request.
A typical Web3 wallet modal design will provide transaction information and an approve/reject button. However, these UI elements can be controlled by attackers for phishing attacks.
Attack Cases
1. Phishing DApps via Wallet Connect
Wallet Connect is a popular open-source protocol for connecting user wallets to DApps. During the pairing process, the wallet displays the meta information provided by the DApp, including the name, URL, and icon. However, this information is unverified, and attackers can forge the information of legitimate DApps.
For example, an attacker can impersonate a well-known DApp to trick users into connecting their wallet and approving transactions. During the pairing process, the modal window displayed by the wallet presents the seemingly legitimate DApp information, which increases the credibility of the attack.
2. Phishing via smart contract information
Some wallet applications display the method name of the smart contract in the transaction approval modal. Attackers can mislead users by registering a specific method name, such as "SecurityUpdate".
For example, an attacker could create a phishing smart contract that contains a function called "SecurityUpdate". When a user views a transaction request, they will see a "security update" request that appears to come officially from the wallet, increasing the likelihood that the user will approve the malicious transaction.
Prevention Recommendations
Wallet developers should always verify the legitimacy of external incoming data and should not blindly trust any unverified information.
Developers should carefully select the information they show to users and filter content that may be used for phishing attacks.
Users should be vigilant about every unknown transaction request, carefully check the transaction details, and not readily approve requests from unknown sources.
Relevant protocols and platforms should consider introducing stricter verification mechanisms to ensure that the information presented to users is authentic and reliable.
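One way a wallet could apply the two developer recommendations above, shown as an added example (not code from this article, from Wallet Connect or from any wallet): DApp-supplied pairing metadata and the contract method name are rendered as untrusted labels. The function names, the word list and the `verifiedOrigin` input (an origin the wallet obtained from a source it trusts) are assumptions.

```javascript
// Added example; every name here is hypothetical, not part of any wallet SDK.
// Words that make a contract method name read like a wallet or system action.
const SUSPICIOUS_WORDS = ["security", "update", "upgrade", "verify", "official", "wallet"];

// Split camelCase / snake_case method names into lowercase words.
function splitWords(name) {
  return name
    .replace(/([a-z0-9])([A-Z])/g, "$1 $2")
    .split(/[^A-Za-z0-9]+/)
    .filter(Boolean)
    .map((w) => w.toLowerCase());
}

// Return the host of a URL, or null if it is not a well-formed https URL.
function httpsHost(url) {
  try {
    const u = new URL(url);
    return u.protocol === "https:" ? u.hostname.toLowerCase() : null;
  } catch {
    return null;
  }
}

// metadata: { name, url } sent by the DApp during pairing (untrusted).
// verifiedOrigin: origin obtained from a source the wallet trusts, or null (assumption).
// methodName: name resolved for the called contract function (untrusted).
function buildModalView(metadata, verifiedOrigin, methodName) {
  const claimedHost = httpsHost(metadata.url);
  const verifiedHost = verifiedOrigin ? httpsHost(verifiedOrigin) : null;
  const originVerified = claimedHost !== null && claimedHost === verifiedHost;
  const flagged = splitWords(methodName).filter((w) => SUSPICIOUS_WORDS.includes(w));
  return {
    // Show the DApp-supplied name as-is only when its URL matches the verified origin.
    title: originVerified ? metadata.name : `Unverified site claiming to be "${metadata.name}"`,
    host: originVerified ? claimedHost : (verifiedHost ?? "unknown origin"),
    originVerified,
    // Label the method name as contract-supplied so it cannot pass for wallet text.
    methodLabel: `Contract function: ${methodName}`,
    methodWarning: flagged.length > 0
      ? `Function name wording was chosen by the contract author: ${flagged.join(", ")}`
      : null,
  };
}

// Constructed sample: forged pairing metadata plus the "SecurityUpdate" method name.
console.log(buildModalView({ name: "Example Swap", url: "https://swap.example" },
  "https://phish.example", "SecurityUpdate"));
```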
As Web3 technology continues to evolve, increased security awareness is essential for both users and developers. Only by staying vigilant and constantly improving security measures can these new types of phishing attacks be effectively prevented.