Cryptocurrency is here to stay and has already become part of our lives. New investors are flocking in, and hackers are on the rise.
I saw a lot of news on Twitter sometime last week about MetaMask wallets being hacked and thousands in cryptocurrency being stolen, in ways the owners can't even explain.
However, a security researcher has uncovered a complex scheme involving Android and iOS apps that look like well-known cryptocurrency wallets but are hiding malicious trojans designed to steal crypto instead.
According to the reports, starting in May 2021, our research uncovered dozens of trojanized cryptocurrency wallet apps. We found trojanized Android and iOS apps distributed through websites mimicking legitimate services. These malicious apps were able to steal victims’ secret seed phrases by impersonating Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, or OneKey.
The malware operators were able to steal the seed phrases of their unwitting victims, giving them access to their real wallets.
The main goal of these malicious apps is to steal users’ funds and until now we have seen this scheme mainly targeting Chinese users. As cryptocurrencies are gaining popularity, we expect these techniques to spread into other markets.
How They Operate
The malware sent victims' seed phrases over insecure connections, which could have allowed not just the operator of the scheme to steal the info, but anyone who might be listening in.
ESET writes that whoever made the malware found in the fake wallets “looked at some good, legitimate applications and copied the code for their own malicious purposes.” The offending code was well-hidden and the faked apps even appeared to work as they were supposed to. The individual or hacking team behind the scam even went as far as placing ads on trusted websites. They further expanded their reach by using middlemen found on Telegram and Facebook to lure more victims.
ESET Research identified over 40 copycat websites of popular cryptocurrency wallets. These websites target only mobile users and offer them the download of malicious wallet apps.
In all, be careful where you download your cryptocurrency applications from; most of them are Trojans in disguise.