13 apps removed after researchers uncover Trojan crypto wallet scheme

Research by cyber security firm ESET has uncovered a “sophisticated scheme” that disseminates Trojan apps disguised as popular cryptocurrency wallets.

The malicious scheme targets mobile devices running Android or Apple's iOS, which become compromised if the user downloads a fake app.

According to ESET's research, these malicious apps are distributed through bogus websites, and imitate legitimate crypto wallets, including MetaMask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey.

The firm also discovered 13 malicious apps impersonating the Jaxx Liberty wallet, available on the Google Play Store. Google has since removed the offending apps, which were installed more than 1,100 times, but there are still many more lurking out there on other websites and social media platforms.

The threat actors disseminated their wares through social media groups on Facebook and Telegram, intending to steal crypto assets from their victims. ESET claims to have uncovered “dozens of trojanized cryptocurrency wallet apps,” going back to May 2021. It also stated that the scheme, which it believes is the work of one group, was primarily targeting Chinese users via Chinese websites.

Lukáš Štefanko, the researcher who unraveled the scheme, said that there were other threat vectors, such as sending seed phrases to the attacker’s server using unsecured connections, adding:

“This means that victims' funds could be stolen not only by the operator of this scheme but also by a different attacker eavesdropping on the same network.”

The fake wallet apps behave slightly differently depending on where they are installed. On Android, they target a new cryptocurrency that the user may not have previously traded, prompting the user to install the appropriate wallet. On iOS, the apps need to be downloaded using arbitrary trusted code-signing certificates, bypassing Apple’s App Store. This means that the user can have two wallets installed simultaneously, the genuine one and the Trojan, but this poses less of a threat since most users rely on App Store verification for their apps.

ESET advises cryptocurrency investors and traders to only install wallets from trusted sources that are linked to the official website of the exchange or company.

In February, Google Cloud unveiled the Virtual Machine Threat Detection (VMTD) system, which scans for and detects “cryptojacking” malware designed to hijack resources to mine digital assets.

According to a January Chainalysis report, cryptojacking accounted for 73% of the total value received by malware-related wallets and addresses between 2017 and 2021.
