13 apps removed after researchers uncover Trojan crypto wallet scheme

Research by cyber security firm ESET has uncovered a “sophisticated scheme” that disseminates Trojan apps disguised as popular cryptocurrency wallets.

The malicious scheme targets mobile devices running Android or Apple’s iOS, which become compromised if the user downloads a fake app.

According to ESET’s research, these malicious apps are distributed through bogus websites and imitate legitimate crypto wallets, including MetaMask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey.

The firm also discovered 13 malicious apps impersonating the Jaxx Liberty wallet on the Google Play Store. Google has since removed the offending apps, which had been installed more than 1,100 times, but many more are still lurking on other websites and social media platforms.

The threat actors disseminated their wares through social media groups on Facebook and Telegram, intending to steal crypto assets from their victims. ESET claims to have uncovered “dozens of trojanized cryptocurrency wallet apps” going back to May 2021. It also stated that the scheme, which it believes is the work of one group, was primarily targeting Chinese users via Chinese websites.

Lukáš Štefanko, the researcher who unraveled the scheme, said that there were other threat vectors, such as sending seed phrases to the attacker’s server over unsecured connections, adding:

“This means that victims’ funds could be stolen not only by the operator of this scheme but also by a different attacker eavesdropping on the same network.”

The fake wallet apps behave slightly differently depending on where they are installed. On Android, they target a new cryptocurrency that the user may not have previously traded, prompting the user to install the appropriate wallet. On iOS, the apps have to be installed using arbitrary trusted code-signing certificates, bypassing Apple’s App Store. This means that the user can have two wallets installed simultaneously, the genuine one and the Trojan, but it poses less of a threat since most users rely on App Store verification for their apps.

ESET advises cryptocurrency investors and traders to install wallets only from trusted sources that are linked from the official website of the exchange or company.

In February, Google Cloud unveiled its Virtual Machine Threat Detection (VMTD) system, which scans for and detects “cryptojacking” malware designed to hijack computing resources to mine digital assets.

According to a January Chainalysis report, cryptojacking accounted for 73% of the total value received by malware-related wallets and addresses between 2017 and 2021.