Malware disguised as cryptocurrency wallets used to steal from iOS and Android users
Cryptocurrency has been booming for a few years now, pulling in a lot of new investors who just want to see what’s going on. This has been good for plenty of people and boosted the profiles of tokens beyond the more well-known Bitcoin and Ethereum — but the influx of new investors has also given scammers a much larger field of victims to target, and security researchers withEsetuncovered a complex scheme involving Android and iOS apps that look like well-knowncryptocurrencywallets but are actually hiding malicious trojans designed to steal crypto instead.
Eset detailed its research ina post for the firm’s We Live Security blog, and what the company discovered revealed in part just how easy it is for cyberattackers to use internet buzz to lure a host of new victims. Beginning in 2021, Eset says it discovered “dozens” of Android and iOS apps that looked like legit crypto wallets such as Metamask or Coinbase — but they were carrying malware payloads and being distributed through sketchy websites that only appeared trustworthy. The malware operators were able to steal the seed phrases of their unwitting victims, giving them access to their real wallets.
It was a cleverly-designed attack. Eset writes that whoever made the malware found in the fake wallets “looked at some good, legitimate applications and copied the code for their own malicious purposes.” The offending code was well-hidden and the faked apps even appeared to work as they were supposed to. The individual or hacking team behind the scam even went as far as placing ads on trusted websites. They further expanded their reach by using middlemen found on Telegram and Facebook to lure more victims. Eset also discovered lax security on the cyberattackers' servers created a double threat. The malware sent victim seed phrases over insecure connections which could have allowed not just the operator of the scheme to steal the info, but anyone who might be listening in.
According to Eset, the apps did seem to primarily target Chinese users, but more than a dozen variations on one of them were found in the Play Store alone. Unfortunately, the code used to make the trojanized apps has been leaked and shared, so it’s still a threat. If you’re looking for cryptocurrency wallet apps, be sure you’re downloading from Apple’s App Store and that you haveGoogle Play Protectenabled the next time you use the Play Store.
The note-taking app I should have used all along
Broader branding hints at wider paid-tier ambitions
New data from Circana affirmed that Nintendo Switch 2 is still a resounding success in the United States, having now sold 2 million units
A hefty discount makes this a no-brainer
Stop me if you’ve heard this one before
Breaking language barriers, one feed at a time
