Mercku, a Canadian multinational wireless networking equipment manufacturer, experienced a cyberattack that compromised its helpdesk portal. As a result, newly submitted support tickets triggered phishing emails disguised as urgent MetaMask account updates. These emails urged recipients to amend their cryptocurrency wallet information within 24 hours to avoid losing access, exploiting a sense of urgency to trick users.
The phishing emails appeared legitimate, using a subject line that referenced MetaMask and a link containing “metamask.io.” However, the link redirected users through a malicious “zpr[.]io” service, ultimately leading to another fraudulent site at “hxxps://matjercasa.youcan[.]store.” The link exploited the userinfo component of the URI: anything placed before an “@” in the authority part of a URL is treated as login information rather than as the destination, so a trusted name can appear at the front of the link while the browser connects to the host after the “@”. This made the phishing attempt appear more credible.
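A defender-side check for this pattern, added here as an example and not taken from the incident reporting: the Python below pulls links out of a message body and flags any whose userinfo looks like a domain different from the real host. The sample message and the `.example` hosts are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote

# Text that looks like a hostname (dot-separated labels ending in a TLD).
DOMAIN_LIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)
URL_IN_TEXT = re.compile(r"https?://[^\s\"'<>]+", re.I)

def userinfo_decoy(url):
    """Return a finding dict if the URL carries userinfo, else None."""
    parts = urlsplit(url)
    if parts.username is None:          # no "@" inside the authority
        return None
    shown = unquote(parts.username).lower()
    host = (parts.hostname or "").lower()
    return {
        "url": url,
        "shown": shown,                 # what the reader sees first
        "host": host,                   # where the browser actually connects
        # Highest-risk case: the userinfo imitates a domain other than the host.
        "impersonation": bool(DOMAIN_LIKE.match(shown)) and shown != host,
    }

def scan_body(text):
    """Extract http(s) links from a message body and return userinfo findings."""
    findings = []
    for match in URL_IN_TEXT.finditer(text):
        finding = userinfo_decoy(match.group().rstrip(".,;)"))
        if finding:
            findings.append(finding)
    return findings

# Constructed sample ticket reply; hosts under .example are placeholders.
SAMPLE = (
    "Update your wallet within 24 hours: "
    "https://metamask.io@redirector.example/x7 . "
    "Docs: https://metamask.io/login@help (the @ is in the path, not the authority). "
    "Legacy: https://svc-user:pw@intranet.example/report"
)

if __name__ == "__main__":
    for f in scan_body(SAMPLE):
        print(f)
```

Any userinfo in a link delivered by email is worth surfacing to the recipient or a mail filter; the `impersonation` flag separates brand-lookalike decoys from legacy embedded credentials.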
Despite the attack, further intrusions were reportedly averted after the hosting account for the malicious site was suspended. However, the initial breach raised significant concerns about the security of Mercku’s support portal and the potential risks to organizations relying on its services. The incident underscores the importance of vigilance in the face of increasingly sophisticated phishing schemes.
Given the severity of the attack, organizations using Mercku’s services are advised to avoid interacting with the firm’s support portal and to be wary of any emails originating from it. The incident highlights the need for robust security measures and user education to prevent the success of similar attacks in the future.