Dozens of malicious apps posing as cryptocurrency wallets are circulating online to steal funds from users around the world. According to the research report, the apps were available to both Android and iOS users as part of an elaborate scheme. The malicious apps were found to impersonate crypto wallets such as Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, and OneKey. The Trojanized wallet apps were first discovered in May 2021 and initially targeted Chinese users. However, as cryptocurrencies become more widespread, the techniques used by the attackers could be turned on users anywhere in the world.
Internet security company ESET has reported the discovery of malicious cryptocurrency wallet apps that appear to be available to both Android and iOS users.
A study conducted by ESET found an advanced scheme run by unknown attackers and identified over 40 websites impersonating popular crypto wallets. These websites target mobile users and lure visitors into downloading malicious wallet apps in a variety of ways.
Initial evidence suggested that Chinese users were the target, but it later became clear that the scheme could be aimed at any English-speaking smartphone user.
“Most of the fake websites and apps distributed are in English, so they’re not just targeting Chinese users; I think anyone in the world could be affected (if you speak English),” ESET malware analyst Lukas Stefanko told Gadgets 360.
According to the report, the first traces of the distribution vector for the Trojanized wallets were found in May 2021. The attackers used various Telegram groups to recruit people to distribute the malicious apps.
Based on the information obtained, researchers found that the attackers were offering recruits a 50 percent commission on the contents of stolen wallets, an incentive meant to get more people involved in spreading the malware.
Researchers also noticed that some Facebook groups share and promote these Telegram groups in order to find more malware distribution partners. By recruiting intermediaries who in turn target individuals, the operation can extend its reach.
According to the researchers, the malicious apps posed as legitimate crypto wallets such as imToken, Bitpie, MetaMask, TokenPocket, and OneKey.
According to the researchers, the apps behave differently depending on the target operating system.
On Android, the apps are aimed at new crypto users who do not yet have a legitimate wallet app installed on their device. The fake wallets were disguised by reusing the same package name as the original app, but they were signed with a different certificate. Because Android refuses to install a package whose signing certificate does not match the one already installed under that package name, the fake apps cannot replace an official wallet that is already on the device; they can only be installed where none exists.
On iOS, by contrast, a malicious wallet app can be installed alongside the legitimate version: the malicious apps are distributed only from third-party sources, while the official version comes from the App Store.
Once installed, the researchers found, the apps can steal the seed phrase generated by the wallet, which hands the attacker full control of the funds associated with it, since anyone holding the seed phrase can restore the wallet on another device. The phrases were found to be sent to the attacker's server or to a secret Telegram chat group.
ESET researchers also discovered 13 fake wallet apps on the Google Play store, impersonating the legitimate Jaxx Liberty Wallet app. These apps had been installed over 1,100 times and were removed in January after being reported.
Researchers advise users to download and install apps only from official sources, such as Google Play for Android and Apple's App Store for iPhone. If you find a malicious app, uninstall it promptly. On iOS, users should also remove the malicious app's configuration profile under Settings > General > VPN & Device Management.
Users planning to enter the world of cryptocurrencies and considering setting up a new wallet are advised to use only trusted devices and apps before sending any of their hard-earned money.
“Given that the attacker knows the history of all the victim’s transactions, the attacker may wait for a better opportunity after more coins have been deposited, rather than stealing funds immediately,” Stefanko wrote in the report.