Researchers discovered malware masquerading as a cryptocurrency wallet that steals Bitcoin from affected iOS and Android users.
Since May 2021, “dozens of Trojanized crypto wallet ‘apps’” have been uncovered, according to research conducted by ESET Research and published by the cybersecurity firm ESET.
Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, and OneKey were among the services whose original pages were cloned by the websites that provided these programs.
ESET describes the attack as “clever” because the attackers were able to “install their malicious code in locations where it would be difficult to detect,” as well as develop programs “that have the same functionalities as the original ones.”
Some of these malicious ‘apps’ also send seed phrases (a set of 12 to 24 words used to access a crypto wallet) from their victims to the attacker’s server over an insecure HTTP connection, allowing the funds to be stolen not only by the original cybercriminal, but also by another hacker on the same network.
ESET Research claims to have discovered more than 40 bogus websites “exclusively targeting” mobile users, which promote themselves on “genuine” sites by using “misleading material.”
The analysis also concluded that the threat would grow in the future, given that “intermediaries are being recruited from Telegram and Facebook groups” to propagate the “virus,” with a commission of up to 50% of the stolen funds being offered in exchange.
Furthermore, “the threat’s source code has been released and uploaded on several Chinese websites,” which “may entice” others and spread the infection “even further.”
With this evidence, the firm believes it is “highly likely” that the campaign was the work of “a criminal group,” rather than a single person. Furthermore, it states that the primary target is Chinese users, yet given the popularity of cryptocurrencies, it does not rule out the possibility that “similar approaches” could “be applied to other markets.”