A study by ESET, a cybersecurity firm, found a sophisticated scheme that distributes trojanized applications disguised as popular cryptocurrency wallets. The malicious scheme targets mobile devices running Android or Apple operating systems, which are compromised if the user downloads a fake app.
According to the ESET study, these malicious applications are distributed through fake websites and imitate legitimate crypto wallets, including Coinbase, MetaMask, TokenPocket, Bitpie, Trust Wallet, imToken, and OneKey. The firm also found 13 malicious apps posing as the Jaxx Liberty wallet on the Google Play Store. Google removed the malicious apps, which had been installed more than 1,100 times. However, many more were deleted on other websites and social media platforms.
The perpetrators spread their apps through social media groups on Telegram and Facebook, with the aim of stealing crypto assets from their victims. ESET says it discovered dozens of cryptocurrency wallet apps after May 2021. It also noted that the scheme, which it believes is the work of one group, is aimed at Chinese users through Chinese websites.
The researcher who uncovered the scheme, Lukáš Štefanko, said there were other threat vectors, such as phrases being sent over attacker links to the attacker's server. He said this means that the victim's funds may be stolen not only by the operator of this scheme but also by a different attacker listening on the same network.
Crypto Wallet Scheme
Counterfeit wallet apps behave slightly differently depending on where they are installed. On Android, they aim at a new cryptocurrency that users might not have traded before, which pushes the user to install the appropriate wallet. On iOS, the apps have to be downloaded using arbitrary code-signing certificates, bypassing the Apple App Store. This means that the user can have two wallets installed simultaneously: the real one and the trojan. However, this poses less risk because most users rely on the App Store to vet their apps.
ESET advises cryptocurrency investors and traders to install wallets only from trusted sources linked to the exchange or the company's official website. In February, Google Cloud introduced a virtual machine threat detection system that scans for and detects malicious cryptocurrencies. It is designed to capture digital assets to capture resources. According to a January report by Chainalysis, cryptocurrencies accounted for 73% of the total value received by wallets and addresses related to malware in 2017 and 2021.