|
Title: [Warning]: Fake MetaMask Post by: fullfitlarry on August 31, 2025, 12:19:46 PM What happened: Fake MetaMask
Code: https://metamaskio-com-ext.pages.dev/ Archived: https://web.archive.org/save/https://metamaskio-com-ext.pages.dev/ https://www.talkimg.com/images/2025/08/31/UnwS9W.png https://www.virustotal.com/gui/url/04d2da04c4091964f5fc4645dd11742cb4e9ab9cb5ace562bdcc08630fd80a23 https://www.talkimg.com/images/2025/08/31/UnwnXJ.png Title: Re: [Warning]: Fake MetaMask Post by: JeromeTash on August 31, 2025, 01:24:07 PM Yes, the link is highly suspicious, but I wonder what their endgame is at this point. The actual contents of the page have links to the actual metamask wallet official website so as things stand right now, they can't phish anything.
Maybe the plan is to change the links later once people start trusting the domain? Title: Re: [Warning]: Fake MetaMask Post by: virasog on August 31, 2025, 05:02:59 PM Yes, the link is highly suspicious, but I wonder what their endgame is at this point. The actual contents of the page have links to the actual metamask wallet official website so as things stand right now, they can't phish anything. Maybe the plan is to change the links later once people start trusting the domain? There must be more planning by the scammers in this case. Since they have the legit Metamask link, this could be to avoid blacklists as the Google Safe browsing will not flag it immediately. Even the antivirus softwares and other security services will inspect it as clean. Also, this can be an attempt to have the domain get indexed by Google and when people search "MetaMask download" or similar terms, their site can show up. However, later they can put the phishing link and launch a broader version of the scam. :o Title: Re: [Warning]: Fake MetaMask Post by: PX-Z on August 31, 2025, 10:42:51 PM Great find! I'm curious where did you found this website? As I see the site uses pages.dev domain which is from cloudlflare itself. Can't they see those devs deploying phishing site on their platform.
And yes, they are using the correct links there, maybe this is just experimental site. Well, anyway, it's still bad practice to download any software from non official websites. Title: Re: [Warning]: Fake MetaMask Post by: SFR10 on September 01, 2025, 01:21:19 PM https://www.talkimg.com/images/2025/08/31/UnwnXJ.png At the time of this writing, five other security vendors have flagged it as well [screenshot (https://www.talkimg.com/images/2025/09/01/Unn3bH.jpeg)].Can't they see those devs deploying phishing site on their platform. Without users reporting it to them, it could take some time before they notice such things [unfortunately]. I ran a plagiarism test on its content and it led to another flagged website [more than 50% of its content got matched] with a similar-looking URL [screenshot (https://www.talkimg.com/images/2025/09/01/UnnVtz.jpeg)], so I don't think it's for experimental purposes.And yes, they are using the correct links there, maybe this is just experimental site.
Title: Re: [Warning]: Fake MetaMask Post by: coin-investor on September 01, 2025, 03:53:28 PM Great find! I'm curious where did you found this website? As I see the site uses pages.dev domain which is from cloudlflare itself. Can't they see those devs deploying phishing site on their platform. And yes, they are using the correct links there, maybe this is just experimental site. Well, anyway, it's still bad practice to download any software from non official websites. It's a Cloudflare Pages, it's a script deployment service by Cloudflare Their free service plan offers numerous perks, but this is problematic because scammers and hackers can exploit this feature to scam people at no cost. They should employ parameters to prevent people from abusing their test trial features. https://www.talkimg.com/images/2025/09/01/UnCYDN.png (https://www.talkimg.com/image/UnCYDN) Title: Re: [Warning]: Fake MetaMask Post by: PX-Z on September 01, 2025, 11:34:29 PM It's a Cloudflare Pages, it's a script deployment service by Cloudflare Yes, just like any free script deployment site, all are prone and used to abuse, using different site, tools tend to get victims, etc. Their free service plan offers numerous perks, but this is problematic because scammers and hackers can exploit this feature to scam people at no cost. They should employ parameters to prevent people from abusing their test trial features. Seriously, it's their responsibility to regularly check those free deployed site at least once a week or so on their platform especially for those sub domain that is similar to existing platforms. Title: Re: [Warning]: Fake MetaMask Post by: cryptomaniac_xxx on September 03, 2025, 12:01:06 PM It's a Cloudflare Pages, it's a script deployment service by Cloudflare Yes, just like any free script deployment site, all are prone and used to abuse, using different site, tools tend to get victims, etc. Their free service plan offers numerous perks, but this is problematic because scammers and hackers can exploit this feature to scam people at no cost. They should employ parameters to prevent people from abusing their test trial features. Seriously, it's their responsibility to regularly check those free deployed site at least once a week or so on their platform especially for those sub domain that is similar to existing platforms. True, and now they are also being abused by this criminals. Maybe in the beginning, they didn't thought about it. But now, it's different, scammers and criminals will take advantage of anything. So the whole ball game have change and hopefully Cloudfare will also adjust and take the responsibility. Community will have to react as well to report this kind of sites. Good find by the OP. Title: Re: [Warning]: Fake MetaMask Post by: robelneo on September 03, 2025, 10:44:13 PM It's a Cloudflare Pages, it's a script deployment service by Cloudflare Yes, just like any free script deployment site, all are prone and used to abuse, using different site, tools tend to get victims, etc. Their free service plan offers numerous perks, but this is problematic because scammers and hackers can exploit this feature to scam people at no cost. They should employ parameters to prevent people from abusing their test trial features. Seriously, it's their responsibility to regularly check those free deployed site at least once a week or so on their platform especially for those sub domain that is similar to existing platforms. I'm not familiar with the KYC rules on Cloudflare. Still, if they allow unverified new users to try their free features, then it's likely to be abused. If you undergo verification before using the platform's features, you will be less likely to launch a phishing site because they have your vital information, which authorities could request in the event of an investigation. They should implement strict verification for new users who want to test those services right away. This is what happened to the Ml domain, which hackers and scammers exploited because it can be used for free without undergoing KYC. Title: Re: [Warning]: Fake MetaMask Post by: PX-Z on September 03, 2025, 11:30:54 PM I'm not familiar with the KYC rules on Cloudflare. Still, if they allow unverified new users to try their free features, then it's likely to be abused. If you undergo verification before using the platform's features, you will be less likely to launch a phishing site because they have your vital information, which authorities could request in the event of an investigation. I don't think there is a KYC asking different personal info aside from name and email on that free service of cloudlflare. Actually you can even put different name and birthday etc. since there's no ID verification. Also, even it's not That's why its probably exploited.They should implement strict verification for new users who want to test those services right away. This is what happened to the Ml domain, which hackers and scammers exploited because it can be used for free without undergoing KYC. There are already many reports about the site being exploited, they should do more work to avoid it or lessen those. https://www.fortra.com/blog/cloudflare-pages-workers-domains-increasingly-abused-for-phishing |
