A “sophisticated strategy” that disseminates Trojan apps disguised as popular bitcoin wallets has been discovered by cybersecurity firm ESET.
The campaign, which has been running since May 2021, targets Chinese users through fake websites and social media groups.
It targets mobile devices running the Android or Apple (iOS) operating systems, which can be infected if the user clicks on a malicious link.
Malicious programs spoof actual crypto wallets such as MetaMask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey, according to ESET’s research, and are disseminated through fake websites.
This is a huge problem…
Hundreds of cryptocurrency wallet apps have been infected with malware.
The company also discovered 13 malicious apps imitating the Jaxx Liberty wallet on the Google Play Store. Google has subsequently removed the infringing apps, which had been downloaded over 1,100 times, but many more are still lurking on other websites and social media platforms.
The threat actors used Facebook and Telegram groups to disseminate their wares with the purpose of stealing crypto assets from their victims.
ESET claims to have detected “dozens of trojanized bitcoin wallet apps” since May 2021. It further stated that the scheme, which it believes was carried out by a single gang, was primarily directed at Chinese consumers who used Chinese websites.
Why fake wallets?
The fake wallet apps work differently depending on where they are installed. The scheme promotes the download of the requisite Android wallet for a new cryptocurrency that the user may not have traded previously.
To bypass Apple’s App Store, the iOS apps must be installed using arbitrary trusted code-signing certificates.
This implies the user can have two wallets installed at once, one real and one Trojan, but this is less of a concern because most users rely on App Store verification for their apps.
Cryptocurrency users and traders should only download wallets from reliable sites linked to the exchange or company’s official website, according to ESET.
Google Cloud announced the Virtual Machine Threat Detection system in February, which checks for and detects “cryptojacking” malware that uses resources to mine digital currencies.
According to a January Chainalysis study, cryptojacking accounted for 73 percent of the total value acquired by malware-related wallets and addresses between 2017 and 2021.
Source: https://www.thecoinrepublic.com/2022/03/31/trojan-scam-fake-wallets-schemes-have-been-busted/