Malware disguised as cryptocurrency wallets used to steal iOS and Android users

Cryptocurrency has been booming for a few years now, attracting many new investors who just want to see what happens. This has been good for a lot of people and has boosted the profiles of tokens beyond the better-known Bitcoin and Ethereum – but the influx of new investors has also given scammers a much wider field of victims to target. Security researchers from Eset have uncovered a complex scheme involving Android and iOS apps that look like well-known cryptocurrency wallets but actually hide malicious Trojans designed to steal crypto instead.
Eset detailed its research in a post on the company’s We Live Security blog, and what the company found shows in part how easy it is for cyberattackers to use internet buzz to draw in new victims. As of 2021, Eset says it discovered “dozens” of Android and iOS apps that looked like legitimate crypto wallets such as Metamask or Coinbase – but they carried malware payloads and were distributed via sketchy websites that didn’t seem trustworthy. Malware operators were able to steal the seed phrases of their unwitting victims, giving them access to the victims’ real wallets.
It was a skillfully designed attack. Eset writes that whoever created the malware found in the fake wallets “reviewed good legitimate apps and copied the code for their own malicious purposes.” The offending code was well hidden, and the fake apps even appeared to work as they were supposed to. The individual or hacking team behind the scam went so far as to place advertisements on trusted websites, and further expanded their reach by using intermediaries found on Telegram and Facebook to attract more victims. Eset also discovered that lax security on the cyberattackers’ servers created a double threat: the malware sent the victims’ seed phrases over unsecured connections, which could have allowed not only the operator of the scheme to steal the information, but anyone who might be listening.
According to Eset, the apps seemed to primarily target Chinese users, but more than a dozen variants of one of them were found in the Play Store alone. Unfortunately, the code used to create the trojanized apps has been leaked and shared, so it remains a threat. If you are looking for cryptocurrency wallet apps, make sure you are downloading from the Apple App Store and have Google Play Protect enabled the next time you use the Play Store.