
Malicious Copycat of Greymass EOS Voter Locks Users Out Of Their Accounts
The fake voter is being hosted from a site designed to look exactly like the official github repository of the official resource.
A malicious Reddit user, rogerhower34 has been spreading a link to a phishing version of Greymass EOS voter, and when unsuspecting users download the file, it seizes control of EOS accounts altering public and private keys.
On September 5, 2018 Reddit user marcel975 attested to his experience after rogerhower34 sent him a message recommending the malicious voter. According to marcel975, after the file was opened, “My public and private keys have been changed, only the account name is the same. I can see my account but cannot make any changes.”
A history of rogerhower34’s comments shows he’s made several comments telling users they can stake or transfer EOS using Greymass, as well as making claims that it is “recommended by Dan Larimer himself,” however the resource they link to is not the actual Greymass voting tool.
A quick look at the malicious url rogerhower34 has shared h[xx]p://www.github-greymass[dot]com/ shows that it’s a fraudulent site meant to mimic the actual voter from Greymass, which can be found at: https://github.com/greymass/eos-voter. Some users in the thread marcel975 authored also pointed out that the fraudster’s page lacks the proper SSL certificate as well, an immediate red flag, although the presence of a green lock is not necessarily an indicator that a site is safe.
Attacks such as this are a stark reminder of the necessity for the MetaCert Protocol to shift to a decentralized global verification system, powered by incentivized users. Doing so will increase the pace at which malicious resources can be classified, beyond the capacity of any one central entity.
If you want to get involved, download Cryptonite, the anti-phishing add-on for Chrome, Firefox, and Opera, if you haven’t already, and follow the instructions after clicking on “Beta Program” in the dropdown menu. Cryptonite not only blocks phishing sites, it also provides a visual cue when you land on a verified cryptocurrency related web resource or social media post.
Remember, Cryptonite is the only way that you can participate in the MetaCert Protocol Beta Program, where you’ll get a special opportunity to earn a bonus on tokens.
MetaCert Protocol is the best in the world at one thing — URL Classification.
MetaCert Protocol is decentralizing cybersecurity for the Internet, by defining ownership and URL classification information about domain names, applications, bots, crypto wallet addresses, social media accounts and APIs. The Protocol’s registry can be used by ISPs, routers, Wi-Fi hotspots, crypto wallets and exchanges, mobile devices, browsers and apps, to help address cyber threats such as phishing, malware, brand protection, child safety and news credibility. Think of MetaCert Protocol as the modern version of the outdated browser padlock and whois database combined.

