Act as crypto wallets, many of malicious apps have appear online that aim to steal users’ funds around the world. These apps were available for both Android and iOS users as a part of a complex scheme, as per the research-base report.
The malicious apps in question were found to be impersonating crypto wallets such as Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, and OneKey.
The trojanise crypto wallets were first discover in May 2021 and initially target Chinese users.
As cryptocurrencies are becoming popular, the malicious techniques use by attackers could be expand to users around the world.
Internet security firm ESET has reported the discovery of malicious crypto wallets that appear to be available for both Android and iOS users.
The research conduct by ESET found a sophisticate scheme run by some anonymous attackers and identified over 40 websites impersonating popular crypto wallets.
These websites target mobile users and force visitors by different techniques to let them download malicious wallet apps.
Although the initial evidence suggest that the target could be Chinese users, it was later found that the scheme could be aim at anyone using English language on their phones.
The first trace of the distribution vector of the trojanise wallets was spot in May 2021.
The attackers use different Telegram groups to enrol people for distributing the malicious apps, as per the report.
Base on the information obtain, the researchers found that attackers were giving people a 50% commission on the stolen contents of the wallet.
This was aim to bring more people on board for circulating the malware.
The researchers also notice that the Telegram groups were share and promote in some Facebook groups, with a goal of searching for more distribution partners for the malware.
It could eventually expand the scope of malicious attacks by getting middlemen for targeting individuals.
The malware apps were pretending to work as legitimate crypto wallets, such as imToken, Bitpie, MetaMask, TokenPocket, and OneKey.
The apps behave differently depending on the operating system it was install on.
On Android, the apps target new crypto users who do not have a legitimate wallet app install on their devices.
The wallet apps were using the same package name to disguise themselves as their original counterparts.
They were sign using a different certificate.
This restricts these apps to not overwrite the official wallet on the device.
On iOS, the malicious crypto wallet apps could be install simultaneously alongside their legitimate version.
The malicious apps would only be install through a third-party source, though the official version could be from the App Store.
When install, the researchers found that the apps could steal seed phrases that are generate by a crypto wallet to give access to the crypto associated with that wallet.
These phrases were spot sharing with the attackers’ server or with a secret Telegram chat group.
ESET researchers also discover 13 fake wallet apps available on Google Play store that were remove in January on the basis of their request.
The apps impersonate the legitimate Jaxx Liberty Wallet app and were install more than 1,100 times.
The researchers advise users to download and install apps only from official sources, such as Google Play in case of Android and Apple’s App Store for the iPhone consumers.
You are also recommend to quickly uninstall apps if they find them of malicious nature.
In the case of iOS, users should also remove the configuration profile of malicious apps by going to Settings -> General -> VPN & Device Management when the apps are install.
Users who are planning to enter the crypto world and looking to set up a new wallet are recommend to use only a trust device and app before transferring any of their hard-earn money.
