New Malware Disguised As Crypto Wallet Surfaces, Steals Funds From iOS, Android Devices

A new malware disguised as crypto wallets has surfaced that is being distributed via Android and iOS apps through websites that mimic legitimate services.

New Delhi: At a time when malware attacks happen almost every day, a new malware disguised as crypto wallets has surfaced that is being distributed via Android and iOS apps through websites that mimic legitimate services. According to ESET Internet Security researchers, these malicious apps can steal victims’ secret seed phrases by impersonating crypto wallets such as Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, or OneKey.

"This is a sophisticated attack vector since the malware’s author carried out an in-depth analysis of the legitimate applications misused in this scheme, enabling the insertion of their own malicious code into places where it would be hard to detect while also making sure that such crafted apps had the same functionality as the originals. At this point, we believe that this is the work of one individual attacker or, more likely, one criminal group," Lukas Stefanko, Malware Researcher at ESET, said in a statement.

The malware disguised as crypto wallets steals users’ funds on iOS and Android devices and has so far mainly targeted Chinese users. As cryptocurrencies gain popularity globally, these malicious copycat wallets may spread to other markets. According to ESET Research, more than 40 copycat websites of popular cryptocurrency wallets have been identified so far. These websites target only mobile users and offer them malicious wallet apps to download.

"This is further supported by the public sharing, in November 2021, of the source code of the front-end and back-end distribution website, including the recompiled APK and IPA files. We found this code on at least five websites, where it was shared for free, and thus expect to see more copycat attackers. From the posts we found, it is difficult to determine whether it was shared intentionally or if it leaked," Stefanko added.

ESET's security researchers were able to trace the distribution vector of these trojanised cryptocurrency wallets back to May 2021 based on the domain registration that was provided for these malicious apps in the wild, as well as the creation of several Telegram groups that started to search for affiliate partners.
