ESET researchers uncovered a Trojan crypto wallet scheme and had 13 apps removed. The scheme has been in operation since May 2021 and targeted Chinese users via social media groups and fake websites, so let's read more in today's latest cryptocurrency news.
Researchers at the cyber security firm ESET uncovered a sophisticated scheme that disseminates Trojan apps disguised as popular crypto wallets. The scheme targeted mobile devices running Android or Apple operating systems, which became compromised if the user downloaded a fake app. According to the researchers, the malicious apps are distributed through fake websites and imitate legitimate crypto wallets like Coinbase, MetaMask, Trust Wallet, TokenPocket, OneKey, and more. The company also discerned 13 malicious apps impersonating the Jaxx Liberty wallet that could be found on the Google Play Store.
Google has since removed the offending apps, which were installed up to 1100 times, but there are still many more lurking on other websites and social media platforms. The threat actors disseminated their wares via social media groups on Telegram or Facebook and aimed to steal crypto assets from their victims. ESET claims to have uncovered dozens of trojanized crypto wallet apps going back to 2021. It also stated that the scheme, which it thinks is the work of one group, was mainly targeting Chinese users via Chinese websites.
Lukas Stefanko, the researcher who found the scheme, said that there were other threat vectors, such as seed phrases being sent to the attackers' server over unsecured connections, and added:
“This means that victims’ funds could be stolen not only by the operator of this scheme but also by a different attacker eavesdropping on the same network.”
The fake wallet apps behave differently depending on where they are installed. They target new crypto that the user could not have previously traded and prompt users to install the right wallet. On iOS, meanwhile, the apps have to be downloaded using arbitrary trusted code-signing certificates, bypassing Apple's App Store. This means that users can have two wallets installed at the same time, the genuine one and the trojanized one, but there's less of a threat since most users rely only on App Store verification for their apps.
ESET advised crypto investors and traders to install wallets only from trusted sources that are linked to the official website or the exchange or company. Google Cloud also unveiled its Virtual Machine Threat Detection system, which scans for cryptojacking malware designed to hijack resources and mine digital assets. According to a January Chainalysis report, cryptojacking accounted for 73% of the total value received in malware attacks and addresses between 2017 and 2021.