13 apps removed after researchers uncover Trojan crypto wallet scheme

13 apps removed after researchers uncover Trojan crypto wallet scheme

Research by cyber security firm ESET has uncovered a “sophisticated scheme” that disseminates Trojan apps disguised as popular cryptocurrency wallets.

The malicious scheme targets mobile devices using Android or Apple (iOS) operating systems which become compromised if the user downloads a fake app.

Our top trading bots

According to ESET's research, these malicious apps are distributed through bogus websites, and imitate legitimate crypto wallets, including MetaMask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey.

The firm also discovered 13 malicious apps impersonating the Jaxx Liberty wallet, available on the Google Play Store. Google has since removed the offending apps, which were installed more than 1,100 times, but there are still many more lurking out there on other websites and social media platforms.

The threat actors disseminated their wares through social media groups on Facebook and Telegram, intending to steal crypto assets from their victims. ESET claims to have uncovered “dozens of trojanized cryptocurrency wallet apps,” going back to May 2021. It also stated that the scheme, which it believes is the work of one group, was primarily targeting Chinese users via Chinese websites.

Lukáš Štefanko, the researcher who unraveled the scheme, said that there were other threat vectors, such as sending seed phrases to the attacker’s server using unsecured connections, adding:

“This means that victims' funds could be stolen not only by the operator of this scheme but also by a different attacker eavesdropping on the same network.”

The fake wallet apps behave slightly differently depending on where they are installed. On Android, it targets a new cryptocurrency that the user may not have previously traded, prompting the user to install the appropriate wallet. While on iOS the apps need to be downloaded using arbitrary trusted code-signing certificates circumnavigating Apple’s App Store. This means that the user can have two wallets installed simultaneously, the genuine one and the Trojan, but poses less of a threat since most users rely on App Store verification for their apps.

Related: Hodlers beware! New malware targets MetaMask and 40 other crypto wallets

ESET advises cryptocurrency investors and traders to only install wallets from trusted sources that are linked to the official website of the exchange or company.

In February, Google Cloud unveiled the Virtual Machine Threat Detection (VMTD) system, which scans for and detects “cryptojacking” malware designed to hijack resources to mine digital assets.

According to a January Chainalysis report, cryptojacking accounted for 73% of the total value received by malware-related wallets and addresses between 2017 and 2021.

Keep reading upon Cointelegraph
SEC files complaint against operator of 'unregistered' $33M Crowd Machine ICO
The United States Securities and Exchange Commission (SEC) has filed a suit against Australian Craig Derel Sproule for the allegedly “fraudulent and unregistered”...
Report suggests BlackRock has 'no current plans' to launch crypto ETF as deadline for VanEck's offering approaches
BlackRock Financial Management’s global head of iShares and index investments said the financial firm will likely not be launching exchange-traded funds...
Dutch multinational ING considers entering DeFi lending industry
In a presentation made during the Singapore Fintech Festival, Annerie Vreugdenhil, chief innovation officer of ING, announced the firm is working on a trial...
UK Gambling Commission opens inquiry into fantasy NFT soccer game Sorare
The Gambling Commission in the UK has opened an inquiry into Sorare, a popular NFT fantasy soccer game that raised $680M in a funding round last month“The...
SEC Chair Gary Gensler actually is pro-Bitcoin, Volt Equity CEO argues
The founder of Volt Equity believes that United States regulators have a fair reason to be slow in approving a pure Bitcoin (BTC)-related exchange-traded...
Shiba Inu is now a top-20 cryptocurrency with SHIB price soaring 300% in 9 days
The run-up in the price of Shiba Inu (SHIB) so far in October pushed the SHIB token to become the 20th largest digital asset by market capitalization.Shiba...
The ongoing NFT boom: Can supply of nonfungibles outweigh demand?
Nonfungible tokens, or NFTs, have taken the cryptocurrency sector by storm in 2021. The growing interest in these digital collectibles resulted in record-breaking...
Altcoin Roundup: High Ethereum fees kick-start a liquidity migration to layer-1 platforms
In the ever-evolving world of cryptocurrencies and blockchain technology, the race to establish a highly scalable, user-friendly network capable of being...
Portuguese national football team launches fan token with Socios
Blockchain-based sports platform Chiliz has partnered with the Portuguese Football Federation to release fan tokens on Socios.In a Thursday announcement...
China's central bank urges tougher crackdown on cryptocurrencies
SHANGHAI (Reuters) - China's central bank said on Monday it had summoned some banks and payment institutions recently, urging them to crack down harder...
Microsoft quietly closing down Azure blockchain in September
Microsoft is turning off its corporate Azure Blockchain Service on September 10 and will not accept any new deployments effective immediately, with no official...
Brexit and fintech: A spring stocktake
It has been four months since the Brexit trade deal came into effect between the United Kingdom and the European Union. The deal, in common with other free...
DeFi aggregator raided by five hackers on launch day
Fledgling decentralized finance protocol ForceDAO has had a rough start, with several incursions from hackers taking place just hours after it launched.The...
Michael Jordan, Will Smith join $305M funding round for NBA Top Shot maker Dapper Labs
NBA Top Shot maker Dapper Labs has secured about $305 million in new funding round from investors.According to a report by Business Insider on Tuesday,...
Bitcoin or Altcoins? Which Coin Is The Most Adopted As Money
Adherents of the traditional financial world rarely think heavens of virtual money. The cyber assets often get criticized for their volatile nature and...