Web3.0 Wallets Hit by Modal Phishing Attacks: Beware of Disguised DApp Lures

New Phishing Attack on Web3.0 Mobile Wallets: Modal Window Deception

Recently, a new type of phishing technique targeting Web3.0 mobile Wallets has drawn the attention of security experts. This attack method is known as "Modal Phishing" and primarily exploits modal windows in mobile Wallet applications to mislead users.

Attackers send forged information to mobile wallets while masquerading as legitimate decentralized applications (DApps), so that misleading content is shown in the wallet's modal window and users are lured into approving malicious transactions. This phishing technique is already in wide use across multiple platforms.

Revealing the New Scam of Web3.0 Mobile Wallets: Modal Phishing Attack

The Principle of Modal Phishing Attacks

Modal windows are common user interface elements in mobile applications, typically used to display important information such as transaction requests. In Web3.0 Wallets, these windows showcase transaction details, the identity of the requester, and other key information for users to review and decide whether to approve.

However, research has found that certain UI elements within these modal windows can be controlled by attackers, enabling phishing attacks. There are two main vulnerabilities present:

  1. When the Wallet Connect protocol is used, attackers control the DApp metadata the wallet displays, such as its name and icon.
  2. In some wallet applications, attackers can manipulate how smart contract information is displayed.


Typical Attack Cases

Case 1: DApp phishing through Wallet Connect

Wallet Connect is a popular open-source protocol used to connect user wallets with DApps. During the pairing process, the wallet displays metadata provided by the DApp, including its name, website, and icon. However, the wallet does not verify any of this metadata.

Attackers can forge this information, impersonating well-known DApps (such as Uniswap) to lure users into connecting. Once the connection is established, the attackers can send malicious transaction requests to steal users' funds.


Case 2: MetaMask Smart Contract Information Phishing

Wallets like MetaMask display the method name of the smart contract call on the transaction approval screen. Attackers can register smart contract methods with misleading names (such as "SecurityUpdate"), making the transaction request appear to be an official security update from the wallet itself.

By combining this with forged DApp metadata, attackers can create highly deceptive transaction requests that entice users to approve malicious actions.


Prevention Recommendations

  1. Wallet developers should always treat externally provided data as untrusted and validate all information presented to users.

  2. Protocols like Wallet Connect should consider adding a verification mechanism for DApp information.

  3. Wallet applications should monitor and filter sensitive vocabulary that may be used for phishing.

  4. Users should remain vigilant when approving any unknown transaction requests and carefully verify the transaction information.

  5. Wallet providers should strengthen the security design of key UI elements such as modal windows.
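How recommendations 1 and 3 could look on the wallet side, as an added illustration that is not code from the article or from any wallet or the Wallet Connect project: the pairing metadata and the decoded method name are treated as untrusted input and screened before the modal is rendered. The allowlist, the sensitive-word list and the data classes are constructed assumptions for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed allowlist: brand name -> domains the wallet knows to be genuine.
# Hypothetical values; a real wallet would ship and update a curated list.
KNOWN_DAPPS = {"uniswap": {"app.uniswap.org"}}

# Recommendation 3: vocabulary that phishing method names and DApp names
# borrow to look like official wallet actions (e.g. "SecurityUpdate").
SENSITIVE_WORDS = ("security", "update", "upgrade", "verify", "metamask", "wallet")

@dataclass
class SessionProposal:        # mirrors the peer metadata shown at pairing time
    name: str
    url: str
    icons: list = field(default_factory=list)

@dataclass
class TxRequest:
    to: str
    method_name: str          # name the wallet resolved for the call
    resolved_from: str        # "verified_abi" or "public_signature_db"

def _hostname(url):
    m = re.match(r"^https?://([^/:?#]+)", url.strip().lower())
    return m.group(1) if m else ""

def check_proposal(p):
    """Warnings to show in the pairing modal for unverified DApp metadata."""
    warnings = []
    host = _hostname(p.url)
    if not host:
        warnings.append("metadata url is not a valid http(s) origin")
    for brand, domains in KNOWN_DAPPS.items():
        if brand in p.name.lower() and host not in domains:
            warnings.append(f"name claims '{brand}' but host '{host}' is not a known domain")
    if any(w in p.name.lower() for w in SENSITIVE_WORDS):
        warnings.append("DApp name uses wallet/security vocabulary")
    return warnings

def check_tx(tx):
    """Warnings to show in the transaction-approval modal."""
    warnings = []
    name = tx.method_name.lower()
    if any(w in name for w in SENSITIVE_WORDS):
        warnings.append(f"method name '{tx.method_name}' uses wallet/security vocabulary")
    if tx.resolved_from != "verified_abi":
        warnings.append("method name comes from an unverified signature database")
    return warnings
```

A wallet would render these warnings prominently in the modal rather than silently trusting the name, icon and method label supplied by the peer.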


In summary, with the development of the Web3.0 ecosystem, both users and developers need to enhance their security awareness to collectively address the evolving cyber threats. It is crucial to maintain a moderate level of suspicion and caution for every transaction request.


LiquidationAlertvip · 23h ago
Traps are emerging endlessly.

ServantOfSatoshivip · 23h ago
Beware of counterfeit phishing coin thefts.

LiquidationWatchervip · 07-03 15:00
Another new type of scam targets wallets.