Researchers have discovered a Trojan crypto wallet scam that resulted in the removal of 13 applications.
The scheme, which relies on social media groups and bogus websites, has been in existence since May 2021. It targeted Chinese internet users in particular.
The cyber security firm ESET conducted the research. The operators used a “sophisticated strategy” to propagate the Trojan programs, which masquerade as popular bitcoin wallets.
When a user installs a bogus app, the malicious scheme compromises the device’s operating system and, in turn, the device’s network connection.
According to ESET’s research, these malicious apps make use of bogus websites that impersonate legitimate cryptocurrency wallets such as MetaMask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey. MetaMask is a cryptocurrency wallet that allows users to store and transfer bitcoins.
In addition, the company detected 13 malicious applications that pretended to be the Jaxx Liberty wallet, all of which were available on the Google Play Store. Google has since removed the 13 infringing applications. These include apps that had been downloaded more than 1,100 times. Unfortunately, many more are still circulating on other websites and social media platforms, according to the company.
Using social media groups on Facebook and Telegram, the threat actors distributed their wares with the intent of stealing cryptocurrency assets from their victims. ESET claims to have discovered “dozens of trojanized cryptocurrency wallet apps”, the earliest dating back to May 2021. It also stated that it believes the scheme to be the work of a single gang, and that a large number of Chinese users have fallen victim to it.
The scam used several Chinese websites to reach its victims.
As Lukáš Štefanko, the researcher who discovered the scam, explained, there were other threat vectors, such as the transmission of seed phrases to the attacker’s server over an insecure connection. He also noted that he was working on other projects at the time.
It follows that not only the scheme’s operator, but also a different attacker eavesdropping on the same network, could steal funds from the victims’ accounts.
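Seed phrases leaving a device over plain HTTP, as described above, are something a network sensor can flag. The following is an added example, not code from ESET or from this article: a small Python heuristic run over constructed HTTP request logs (the hostnames, paths and form fields are hypothetical) that reports a cleartext POST body carrying a BIP39-style mnemonic.

```python
import re
from urllib.parse import parse_qs

# Constructed sample traffic: two cleartext HTTP POST requests as a network
# sensor might record them. Hosts, paths and fields are hypothetical.
SAMPLE_REQUESTS = [
    "POST http://wallet-update.example/api/import HTTP/1.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "mnemonic=abandon+ability+able+about+above+absent+absorb"
    "+abstract+absurd+abuse+access+accident&pwd=x",
    "POST http://shop.example/cart HTTP/1.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "item=42&qty=1",
]

# BIP39 mnemonics are 12, 15, 18, 21 or 24 lowercase words of 3-8 letters.
MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}
WORD_RE = re.compile(r"^[a-z]{3,8}$")


def looks_like_mnemonic(value: str) -> bool:
    """Heuristic: a space-separated list of words shaped like a BIP39 phrase."""
    words = value.split()
    return len(words) in MNEMONIC_LENGTHS and all(WORD_RE.match(w) for w in words)


def find_cleartext_seed_exfil(raw_request: str):
    """Return (url, field) when a plain-HTTP POST body carries a mnemonic-like value."""
    head, _, body = raw_request.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    method, url, _ = request_line.split(" ", 2)
    if method != "POST" or not url.startswith("http://"):
        return None  # only cleartext POSTs are in scope for this check
    for field, values in parse_qs(body).items():
        if any(looks_like_mnemonic(v) for v in values):
            return url, field
    return None


def scan(requests):
    """Collect every (url, field) hit across a batch of logged requests."""
    return [hit for hit in (find_cleartext_seed_exfil(r) for r in requests) if hit]


if __name__ == "__main__":
    for url, field in scan(SAMPLE_REQUESTS):
        print(f"possible seed phrase sent in cleartext to {url} in field '{field}'")
```

The word-shape test is deliberately loose; matching against the full BIP39 wordlist would cut false positives further.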
On Android, the scheme targets a new cryptocurrency that the user may not have traded before, prompting the user to download and install the necessary wallet software. On iOS, the apps must be installed using arbitrary trusted code-signing certificates, which circumvents Apple’s App Store. This also means that the user can have two wallets installed at the same time, the genuine one and the Trojan. It poses less of a hazard because the majority of users rely on App Store verification for their mobile applications.
Those who are interested in cryptocurrency investing or trading should only download wallets from reputable sources, especially those linked from the official website of the exchange or firm in question.
A virtual machine threat detection (VMTD) system, introduced by Google Cloud in February, searches for and identifies “cryptojacking” malware, which hijacks computing resources in order to mine digital assets (such as bitcoin).
According to a Chainalysis analysis published in January, cryptojacking accounted for 73 percent of the total value received by malware-related wallets and addresses between 2017 and 2021.