Hackers use Telegram and websites to promote malicious crypto wallets: ESET researchers

The influx of new investors into the cryptocurrency space has opened up new opportunities for cybercriminals to target unsuspecting individuals. Security researchers at ESET have discovered 40 fake copies of well-known cryptocurrency wallets. These fake wallets carry hidden Trojans designed to steal all your crypto assets.

These malicious apps were able to steal victims’ secret seed phrases (passcodes used to access the crypto wallet) by impersonating Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket or OneKey.

For beginners, a crypto wallet is where all your cryptocurrency is held. This includes your tokens or coins, and non-fungible tokens (NFTs) too. The crypto wallet can be accessed via a so-called seed phrase – the equivalent of a password or passcode. Hackers want to gain unauthorized access to your passcode, because once they have it, they can steal all your crypto assets.

Distribution channels: Telegram and websites

Telegram is a widely used messaging platform. It has also become a hub for pirated files and documents, and a favorite place for crypto enthusiasts to receive updates about upcoming airdrops, tokens or NFTs. However, the messaging platform is now being used by hackers to promote malicious copies of these crypto wallets.

In a blog post, ESET researchers said: “We assume that these groups were created by the threat actor behind this scheme who is looking for other distribution partners, and suggesting options such as telemarketing, social media, advertising, SMS, third-party channels, and fake sites, and so on.” It is worth noting that all the identified groups were communicating in Chinese.

These Telegram groups act as a distribution channel. Anyone who distributes this malware is offered a 50% commission on contents stolen from the wallet, according to ESET researchers.

Telegram channels were not the only route: malicious wallets were also being distributed using two legitimate websites, targeting users in China. On these sites, in the “Investment and Financial Management” category, the researchers found up to six articles promoting mobile cryptocurrency wallets using fake websites, leading to downloads of malicious mobile apps that claim to be legitimate and trustworthy. These posts misuse the names of legitimate cryptocurrency wallets such as imToken, Bitpie, MetaMask, TokenPocket, OneKey and Trust Wallet.

Targeting Android and iOS users

It seems that hackers target Android and iOS users differently. On Android, the hackers are targeting new crypto users who do not yet have a legitimate wallet app installed on their devices. This means that if the official wallet is already installed on an Android smartphone, the malicious app will not be able to overwrite it because the key used to sign the fake app is different from the legitimate one. This is the standard security model for Android apps, where non-genuine versions of an app cannot replace the original.

However, on iOS, the victim can install both versions – the legitimate version from the App Store and the malicious version from the website.

ESET researchers advised users to download and install apps only from official sources, such as the Google Play Store or the Apple App Store. For iOS devices, the main prevention recommendations are to download apps only from the official App Store, to be especially careful about accepting configuration profiles, and to avoid jailbreaking.
