A malicious app posing as a cryptocurrency wallet was found to steal funds from Android and iOS users.
In recent days, dozens of malicious applications posing as crypto wallets have appeared on the internet, aiming to steal funds from users around the globe. According to a report from a research firm, the apps were available to both Android and iOS users as part of a complex scheme. The malicious apps in question impersonate crypto wallets including Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, and OneKey. The trojanised wallets were first discovered in May 2021 and initially targeted Chinese users. As cryptocurrencies gain popularity, the attackers' techniques will most likely be extended to users worldwide.
It has been reported that the internet security firm ESET has discovered malicious crypto wallets that are available to both Android and iOS users.
As part of its research, ESET uncovered a sophisticated scheme run by anonymous hackers and identified over 40 websites that look just like popular crypto wallets. These websites use a range of techniques to push mobile users into downloading the malicious wallet apps.
Although the initial evidence suggested that the scheme targeted Chinese users, it turned out that it could target anyone who uses the English language on their phone.
“Since most of the distributed fake websites and apps are in the English language, they aren’t just targeting Chinese users.”
The first trace of the distribution vector of the trojanised wallets was spotted in May 2021. According to the report, the attackers used different Telegram groups to recruit people to distribute the malicious apps.
Researchers discovered that, to spread the malware, the attackers were offering people a 50 per cent commission on the contents of the stolen wallets.
Researchers also noticed that Telegram groups were promoted in some Facebook groups in an attempt to find distribution partners for the malware. This could ultimately expand the reach of malicious attacks by enabling more individuals to be targeted.
The researchers found that the malicious apps posed as legitimate crypto wallets such as imToken, Bitpie, MetaMask, TokenPocket, and OneKey.
According to the researchers, the apps behave differently depending on the operating system they are installed on.
On Android, these apps target new crypto users who do not yet have a legitimate wallet app installed on their devices. The apps use the same package name as their original counterparts but are signed with a different certificate, which prevents them from overwriting the official wallet on the device.
On iOS, however, the malicious wallet apps could be installed alongside their legitimate versions. They could only be installed from a third-party source, whereas the official version is obtained from the App Store.
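To make the package-name and signing-certificate point concrete, here is an added Python model of Android's rule that an installed app is identified by its package name together with its signing certificate. This is example code written for this article, not ESET's code and not anything taken from the campaign; the certificate bytes, the package name com.example.wallet and the scenario functions are constructed for the example. It goes slightly beyond the text in showing the flip side of the rule: once a fake app is on a device, the genuine wallet from Google Play is refused with the same error until the fake one is uninstalled, which is one reason to check the signer of an already-installed wallet.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Tuple

# Constructed stand-ins for DER-encoded signing certificates (placeholders, not real
# certificates). On a real APK the fingerprint comes from its signing block.
OFFICIAL_WALLET_CERT = b"constructed-der: official wallet signer"
ATTACKER_CERT = b"constructed-der: attacker signer"


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a signing certificate: the value a defender pins
    and compares against what the device reports."""
    return hashlib.sha256(der).hexdigest()


@dataclass
class Apk:
    package: str        # package name; the fake apps copy the official one
    version_code: int
    signer_der: bytes   # certificate the APK is signed with


@dataclass
class Device:
    """Minimal model of the installed-package registry kept by PackageManager."""
    installed: Dict[str, Tuple[int, str]] = field(default_factory=dict)

    def install(self, apk: Apk) -> str:
        """Return the install outcome, mirroring Android's package-identity rule."""
        fp = cert_fingerprint(apk.signer_der)
        current = self.installed.get(apk.package)
        if current is None:
            self.installed[apk.package] = (apk.version_code, fp)
            return "INSTALLED"
        cur_version, cur_fp = current
        # An app is identified by (package name, signing certificate). A package with
        # the same name but a different signer is not an update of the installed app,
        # so it is refused instead of overwriting it.
        if cur_fp != fp:
            return "INSTALL_FAILED_UPDATE_INCOMPATIBLE"
        if apk.version_code < cur_version:
            return "INSTALL_FAILED_VERSION_DOWNGRADE"
        self.installed[apk.package] = (apk.version_code, fp)
        return "UPDATED"

    def signer_matches(self, package: str, pinned_fp: str) -> bool:
        """Defender-side check: does the installed app carry the expected signer?"""
        entry = self.installed.get(package)
        return entry is not None and entry[1] == pinned_fp


WALLET_PKG = "com.example.wallet"   # hypothetical package name for the example
PINNED_FP = cert_fingerprint(OFFICIAL_WALLET_CERT)
official = Apk(WALLET_PKG, version_code=10, signer_der=OFFICIAL_WALLET_CERT)
fake = Apk(WALLET_PKG, version_code=11, signer_der=ATTACKER_CERT)


def scenario_existing_user() -> str:
    """User already has the official wallet: the fake cannot replace it."""
    device = Device()
    device.install(official)
    return device.install(fake)


def scenario_new_user() -> Tuple[str, str, bool]:
    """User has no wallet yet: the fake installs, and afterwards even the real
    wallet from the store is refused until the fake is uninstalled."""
    device = Device()
    first = device.install(fake)
    second = device.install(official)
    return first, second, device.signer_matches(WALLET_PKG, PINNED_FP)


if __name__ == "__main__":
    print("existing user installs fake:", scenario_existing_user())
    print("new user installs fake, then official:", scenario_new_user())
```

The model keeps only the two checks that matter here (signer match, then version downgrade); a real installer performs many more. The practical takeaway for a defender is the `signer_matches` check: a wallet whose installed signer fingerprint does not equal the vendor's published one is not the vendor's build, regardless of its package name or icon.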
Upon installation, the researchers found that the apps could steal seed phrases generated by a crypto wallet to gain access to the crypto associated with that wallet. These phrases were shared with the attacker’s server as well as a Telegram chat group.
A team of ESET researchers also found 13 fraudulent wallet apps on the Google Play store, which were removed in January at their request. The apps impersonated the legitimate Jaxx Liberty Wallet app and were installed more than 1,100 times.
Researchers advise users to download and install apps only from official sources, such as Google Play for Android users and Apple’s App Store for iPhone users. Users are also advised to uninstall malicious apps immediately. In the case of iOS, if such an application has been installed, users should also remove the malicious app’s configuration profile by going to Settings > General > VPN & Device Management.
Anyone who intends to enter the crypto world and wants to set up a new wallet is advised to use a trusted device and app before transferring any hard-earned cash. Otherwise, your money will be taken away by these hackers.