New Malware Disguised As Crypto Wallet Surfaces, Steals Funds From iOS, Android Devices

A new malware disguised as crypto wallets has surfaced that is being distributed via Android and iOS apps through websites that mimic legitimate services.

New Delhi: At a time when malware attacks happen almost every day, a new malware disguised as crypto wallets has surfaced that is being distributed via Android and iOS apps through websites that mimic legitimate services. According to ESET Internet Security researchers, these malicious apps can steal victims’ secret seed phrases by impersonating crypto wallets such as Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, or OneKey.

"This is a sophisticated attack vector since the malware’s author carried out an in-depth analysis of the legitimate applications misused in this scheme, enabling the insertion of their own malicious code into places where it would be hard to detect while also making sure that such crafted apps had the same functionality as the originals. At this point, we believe that this is the work of one individual attacker or, more likely, one criminal group," Lukas Stefanko, Malware Researcher at ESET, said in a statement.

The malware disguised as crypto wallets is stealing users’ funds from iOS and Android devices, and until now it has mainly targeted Chinese users. As cryptocurrencies gain popularity globally, these malicious copycat wallets may spread into other markets. According to ESET Research, more than 40 copycat websites of popular cryptocurrency wallets have been identified so far. These websites target only mobile users and offer them malicious wallet apps for download.

"This is further supported by the public sharing, in November 2021, of the source code of the front-end and back-end distribution website, including the recompiled APK and IPA files. We found this code on at least five websites, where it was shared for free, and thus expect to see more copycat attackers. From the posts we found, it is difficult to determine whether it was shared intentionally or if it leaked," Stefanko added.

ESET's security researchers were able to trace the distribution vector of these trojanised cryptocurrency wallets back to May 2021 based on the domain registration that was provided for these malicious apps in the wild, as well as the creation of several Telegram groups that started to search for affiliate partners.
