
Security firm discovers new crypto scheme deploying fake Trojan apps disguised as crypto wallets

Wed, 30 Mar 2022, 08:21 am UTC

With the increasing popularity of cryptocurrencies such as Bitcoin (BTC) and Ethereum (ETH) and the subsequent rise in their prices, cybercriminals are increasingly modifying their schemes to specifically target crypto owners. A cyber security firm has recently uncovered what it calls a “sophisticated scheme” that tricks victims into downloading Trojan apps disguised as crypto wallets.

Cyber security firm ESET has discovered a “sophisticated malicious cryptocurrency scheme” targeting Android and iOS devices that become compromised once a user unwittingly downloads a fake app. “Malicious apps are distributed through fake websites, mimicking legitimate wallet services such as Metamask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey,” ESET wrote in a report.

“The main goal of this scheme is to steal cryptocurrency funds, especially those of Chinese users,” the company said. “With cryptocurrencies gaining popularity and the apparent leak of the source code of this threat, ESET expects these techniques to spread to other markets.”

The firm has uncovered dozens of trojanized crypto wallet apps since May 2021. According to ESET researchers, the malware’s authors must have carried out an in-depth analysis of the legitimate apps. This enabled the authors to insert their own malicious code in areas that are hard to detect while maintaining the functionalities of the original apps.

“These malicious apps also represent another threat to victims, as some of them send secret victim seed phrases to the attackers’ server using an unsecured HTTP connection,” said Lukáš Štefanko, the ESET researcher who discovered the scheme. “This means that victims’ funds could be stolen not only by the operator of this scheme but also by a different attacker eavesdropping on the same network.”

The team discovered 13 malicious apps impersonating the Jaxx Liberty wallet on the Google Play store. Google has already removed the fake apps.

The group also used social media and messaging platforms to spread the malicious apps. ESET found dozens of Telegram groups promoting the fake apps, which were also promoted by at least 56 Facebook groups.

“At the time of publication, the price of bitcoin has decreased almost by half from its all-time high about four months ago,” Štefanko said. “For cryptocurrency investors, this might be a time either to panic and withdraw their funds, or for newcomers to jump at this chance and buy cryptocurrency for a lower price. If you belong to one of these groups, you should pick carefully which mobile app to use for managing your funds.”

TokenPost

<Copyright ⓒ TokenPost, unauthorized reproduction and redistribution prohibited>
