Scammers Clone Encrypted Messaging Platform and Siphon Users’ Bitcoins Author: Jimmy Aki Last Updated: 15 June 2020 Cryptocurrency thieves have continued to adopt increasingly sophisticated means to conduct their operations. A new technique, however, appears to have targeted a popular encryption site. Yesterday, IT security and analysis site KrebsOnSecurity published a report showing that Privnote, a free encrypted messaging platform, was cloned and used to steal users’ digital assets. A Clever Scam Operation Privnote is a platform that allows people to send encrypted messages that self-destruct after being read. In Sunday’s report, KrebsOnSecurity explained that hackers had devised a phishing scam in which they redirected unsuspecting victims to an identical version of the platform. KrebsOnSecurity explained that the owners of Privnote had alerted them to a close that was stealing their customers. Instead of the ideal privnote.com, the hackers had bought the domain privnotes.com and were taking advantage of people who wander there. However, instead of encrypting messages, Privnotes reads and/or modifies messages that users send. However, the news source explained that the platform discovered a script that hunts messages containing Bitcoin addresses. After further investigations, they found that the script changes these original addresses to the hackers’ address in the sent message. So, any funds sent through the platform would get diverted to the hacker’s Bitcoin address, instead of the intended destination. “Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same,” the security company pointed out in the post. KrebsOnSecurity added that the hackers had deployed a clever technique to steal customers from Privnote. Apart from choosing a dummy website with a strikingly similar name, it’s worth noting that anyone who types “Privnotes” in Google’s search box will see a paid ad for “Privnote” as the top result. However, the ad itself leads to the dummy website. In addition, the fact that these messages self-destruct once they’re sent means that users won’t be able to go back and check if they entered the right Bitcoin address. Allison Nixon, the Chief Research Officer at Unit 221B, who helped identify and test the phishing scam, said in the post, “The type of people using Privnote aren’t the type of people who are going to send that Bitcoin wallet any other way for verification purpose. It’s a pretty smart scam.” The Clone Wars Continues Privnote is just the latest in the long list of services to get crypto-stealing clones. Several apps and platforms have dealt with the problem in the past. However, it appears to have increased this year. Last month, cybersecurity news source Naked Security reported that one of its crypto-focused security researchers had found 22 malicious extensions on the Google Chrome store. Per the report, the extensions impersonated well-known crypto firms such as Ledger, KeepKey, MetaMask, and Jaxx. This way, hackers can effectively trick people into giving away their wallet details. In April, Google itself removed another 49 malicious clone extensions from the Chrome browser. Most of them also belonged to wallet applications, as customers appear to trust these services more.