ESET Research Issues Crypto Theft Warning, Seed Phrases At Risk

ESET Research, the information security research arm of cybersecurity firm ESET, has issued an emergency crypto threat warning. The warning details how attacks have become prevalent on mobile devices, in particular through counterfeit versions of wallet applications such as Coinbase, MetaMask, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey, among others.

According to infosec researchers at ESET, malicious applications are being distributed through fake websites that mimic legitimate wallet apps such as MetaMask and Coinbase. The scheme currently targets mobile phone users and is being spread through platforms such as Telegram and Facebook.

“You should pick carefully which mobile app to use for managing your funds,” shares Lukáš Štefanko, the ESET researcher who discovered the scheme. Štefanko adds that the current downtrend in Bitcoin and the crypto market in general could cause users to sell in panic and withdraw funds.

ESET’s research indicates that the scheme was tracked in China, but could be expected to spread to global markets soon.

“These malicious apps also represent another threat to victims, as some of them send secret victim seed phrases to the attackers’ server using an unsecured HTTP connection. This means that victims’ funds could be stolen not only by the operator of this scheme but also by a different attacker eavesdropping on the same network,” explains Štefanko.

Štefanko adds that the discovered attack vector is sophisticated, given that the threat actor carried out an “in-depth analysis” of the legitimate applications it duplicates and abuses.

This scheme enables the threat actor to insert malicious code into areas of an app’s codebase that are harder to detect, while mirroring the functionality of the original app. By injecting a falsified dynamic library into an IPA file (iOS App Store Package), the threat actors are also able to bypass security layers of the Apple App Store. Android devices, on the other hand, receive a patched binary that processes the user’s seed phrase and sends it to an indexing server for later use. The researcher also points out that such a scheme could likely be the work of a single criminal group.
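The failure mode Štefanko describes above, a trojanized wallet app sending the seed phrase to a remote server over plaintext HTTP, is something a network monitor can detect. The following is an added example written for this article, not code from ESET; it assumes the monitor already has the raw bytes of an HTTP request, and it embeds only a small constructed subset of the BIP39 English wordlist in place of the full 2048-word list.

```python
"""Flag plaintext HTTP requests that carry a BIP39 seed phrase.

Added illustration for this article (not ESET's code). A real deployment
would load the full BIP39 English wordlist; BIP39_SUBSET below is a
constructed fragment so the example runs offline.
"""
import re
from urllib.parse import parse_qs

# Assumption: partial wordlist for demonstration only.
BIP39_SUBSET = frozenset("""
abandon ability able about above absent absorb abstract absurd abuse
access accident account accuse achieve acid acoustic acquire across act
""".split())
MIN_MNEMONIC_WORDS = 12  # valid mnemonics have 12, 15, 18, 21 or 24 words


def longest_bip39_run(text: str) -> int:
    """Length of the longest run of consecutive wordlist words in text."""
    best = run = 0
    for token in re.findall(r"[A-Za-z]+", text.lower()):
        run = run + 1 if token in BIP39_SUBSET else 0
        best = max(best, run)
    return best


def request_body(raw: bytes) -> str:
    """Split an HTTP/1.1 request and return its body as scannable text.

    Form-encoded bodies are flattened field by field so that a mnemonic
    stored in a single parameter is seen as one run of words.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    text = body.decode("utf-8", errors="replace")
    if b"application/x-www-form-urlencoded" in head.lower():
        fields = parse_qs(text)  # also percent/plus-decodes the values
        text = " ".join(v for values in fields.values() for v in values)
    return text


def leaks_seed_phrase(raw: bytes) -> bool:
    """True when an unencrypted request body contains a full mnemonic."""
    return longest_bip39_run(request_body(raw)) >= MIN_MNEMONIC_WORDS


# Constructed sample traffic: one exfiltration-style request, one benign.
EXFIL_REQUEST = (
    b"POST /api/import HTTP/1.1\r\nHost: example.invalid\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    b"mnemonic=abandon+ability+able+about+above+absent+absorb+abstract"
    b"+absurd+abuse+access+accident&pin=1234"
)
BENIGN_REQUEST = b"GET /v1/prices?symbol=BTC HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
```

Because the check only works on traffic that is already readable on the wire, it is exactly the case Štefanko warns about: the same eavesdropper position that lets a monitor raise this alert lets a second attacker read the phrase.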

The researchers have advised users to download and install crypto apps only from official sources, and to check that those sources (i.e., a protocol’s own website, etc.) are legitimate. ESET is also actively working with Google and Apple to remove the malicious applications found on the app stores.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Source: https://cryptodaily.co.uk/2022/03/eset-research-issues-crypto-theft-warning-seed-phrases-at-risk