MetaMask has warned about a new phishing attack targeted at iCloud backups
following the theft of more than $655,000 from at least one user, BleepingComputer reports.
"If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials
, this can mean stolen funds," said MetaMask.
The phishing attack involved the delivery of various text messages asking for an Apple account reset, with the attacker later spoofing an Apple Inc. number to warn about suspicious account activity. After providing the six-digit verification code from Apple to the fake support agents, the target had his MetaMask wallet emptied.
Moreover, a final Apple account password reset enabled attackers to access their victim's iCloud data with MetaMask seed backups, facilitating the theft of $655,388 in cryptocurrency.
Users have been urged to remove MetaMask from iCloud backups to avoid being impacted by such attacks.