Metamask Phishing Kit 06f6d4f9

Metamask Phishing kit that uses tries to socially engineer the victim into supplying their secret recovery phrases or private key.

This kit is made by an Arabic/Hindi speaking threat actor, as seen by the various words like 'tsawer' and 'gadha' being used in the HTML & JS.

References

IOK Rule (edit)

title: Metamask Phishing Kit 06f6d4f9
description: |
  Metamask Phishing kit that uses tries to socially engineer the victim
  into supplying their secret recovery phrases or private key.
  
  This kit is made by an Arabic/Hindi speaking threat actor, as seen
  by the various words like 'tsawer' and 'gadha' being used in the 
  HTML & JS.
  
references:
  - https://urlscan.io/result/06f6d4f9-0bc6-4519-9ffb-96bd07212c29
  - https://urlscan.io/result/708f32cb-fe2d-4939-9757-5926fff68bde
  
detection:

  stylesheetFilename:
    requests|contains: 'tarma.css'
    
  scriptVariables:
    js|contains|all:
      - 'gad_lcode'
      - 'gadha'
      - 'lktba_final'

  condition: stylesheetFilename and scriptVariables

tags:
  - kit
  - target.metamask