ESET reveals scheme stealing cryptocurrency from Android and iOS wallets


ESET Research reports that since May 2021 its analysts have identified dozens of Trojanized cryptocurrency wallet apps for Android and iOS that are used to steal victims' funds.

ESET's analysts found that the authors of the malicious code had studied the legitimate apps abused in the scheme in depth. This allowed them to insert their own code in inconspicuous, hard-to-detect places while the modified applications fully preserved the original functionality.

“These malicious applications pose a threat because some of them send the victim’s secret seed phrases to the attackers’ server using an unsecured HTTP connection. This means that victims’ funds can be stolen not only by the scheme operator, but also by any attacker monitoring the same network. We also found 13 malicious apps posing as Jaxx Liberty Wallet. These apps were available in the Google Play store,” said ESET Research analyst Lukáš Štefanko.
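The cleartext-HTTP point above is what a network defender can actually act on. The following is an added illustration, not ESET's code or any wallet app's code: a small heuristic scanner that parses captured HTTP requests and flags any parameter that looks like a BIP39 seed phrase (12, 15, 18, 21 or 24 lowercase words of 3 to 8 letters, which is the shape of the English BIP39 word list). The sample requests, the host name `wallet-update.example` and the `tls` flag (which in a real deployment would come from the capture, e.g. port 443 or a TLS layer) are constructed assumptions; the seed phrase used is the well-known "abandon ... about" BIP39 test vector, not a real wallet.

```python
"""Heuristic detector for wallet seed phrases leaving a device over HTTP.

Added example, not ESET's or any wallet vendor's code. Scans constructed sample
HTTP requests for values shaped like a BIP39 mnemonic and rates each request:
CRITICAL if such a value travels without TLS (readable by anyone on the path),
WARNING if it travels over TLS (a wallet should never upload its seed at all).
"""
import json
import re
from urllib.parse import parse_qs

MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}        # valid BIP39 phrase lengths
WORD_RE = re.compile(r"^[a-z]{3,8}$")          # English BIP39 words are 3-8 letters

# Well-known BIP39 test vector (11 x "abandon" + "about"); not a real wallet.
TEST_VECTOR = " ".join(["abandon"] * 11 + ["about"])


def looks_like_mnemonic(value):
    """Heuristic: right word count and every token is a plausible BIP39 word."""
    words = value.strip().split()
    return len(words) in MNEMONIC_LENGTHS and all(WORD_RE.match(w) for w in words)


def _walk(obj):
    """Collect every string nested anywhere in a decoded JSON document."""
    if isinstance(obj, str):
        return [obj]
    if isinstance(obj, dict):
        return [s for v in obj.values() for s in _walk(v)]
    if isinstance(obj, list):
        return [s for v in obj for s in _walk(v)]
    return []


def extract_values(content_type, body):
    """Best-effort extraction of string values from a JSON or form body."""
    if not body:
        return []
    if "json" in content_type:
        try:
            return _walk(json.loads(body))
        except ValueError:
            return []
    if "x-www-form-urlencoded" in content_type:
        return [v for vals in parse_qs(body).values() for v in vals]
    return [body]                                # unknown type: test the raw body


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, target, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def scan_request(raw, tls):
    """Return a finding for one captured request; `tls` comes from the capture."""
    method, target, headers, body = parse_request(raw)
    values = extract_values(headers.get("content-type", ""), body)
    if "?" in target:                            # query-string parameters too
        values += [v for vals in parse_qs(target.split("?", 1)[1]).values() for v in vals]
    hits = [v for v in values if looks_like_mnemonic(v)]
    severity = None
    if hits:
        severity = "WARNING" if tls else "CRITICAL"
    return {"method": method, "host": headers.get("host"), "tls": tls,
            "seed_phrase_hits": len(hits), "severity": severity}


# Constructed samples (hosts and paths are hypothetical).
SAMPLE_EXFIL_HTTP = (
    "POST /api/wallet/import HTTP/1.1\r\n"
    "Host: wallet-update.example\r\n"
    "Content-Type: application/json\r\n\r\n"
    + json.dumps({"platform": "android", "mnemonic": TEST_VECTOR})
)
SAMPLE_EXFIL_TLS = (
    "POST /sync HTTP/1.1\r\n"
    "Host: wallet-update.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "mnemonic=" + TEST_VECTOR.replace(" ", "+") + "&pin=1234"
)
SAMPLE_BENIGN = (
    "GET /prices?symbols=eth,btc HTTP/1.1\r\n"
    "Host: api.example\r\n\r\n"
)


def run_samples():
    """Scan the three constructed captures; returns one finding per request."""
    return [scan_request(SAMPLE_EXFIL_HTTP, tls=False),
            scan_request(SAMPLE_EXFIL_TLS, tls=True),
            scan_request(SAMPLE_BENIGN, tls=True)]


if __name__ == "__main__":
    for finding in run_samples():
        print(finding)
```

The shape check is deliberately loose: it does not validate the BIP39 checksum (that needs the full 2048-word list), so any 12 or 24 short lowercase words will match and a real deployment should expect some false positives. The useful signal is the combination: a wallet app uploading a mnemonic-shaped value at all is suspicious, and doing so without TLS is exactly the exposure Štefanko describes.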

According to ESET Research, the malicious apps are distributed through fake websites that almost exactly mimic the official sites of popular cryptocurrency wallets such as Metamask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken and OneKey.

Looking at how the fake apps are promoted, ESET Research notes that this happens through misleading banner ads and articles posted on sites that claim to be official. Offers on social networks should be treated with suspicion: the attackers also recruit intermediaries through Telegram and Facebook groups to distribute the malicious apps further.

Based on circumstantial evidence, ESET suggests that the source code of this threat was published on several Chinese websites, which has contributed to the spread of Trojanized cryptocurrency wallet apps.

Recently, the developers of the Ronin Network sidechain used by the Axie Infinity game reported an attack in which the attackers obtained validator private keys and stole 173,600 ETH and 25.5 million USDC.

Written by Renat