Malicious crypto-wallets target Android, iOS users

Photo Credit: Pixabay
29 Mar, 2022

Crypto wallets have become popular in recent times, making them easy targets for attackers. Internet security firm ESET has now reported discovering malicious crypto wallets: trojanised wallet apps capable of infecting both Android and iOS devices.

Security researchers at ESET have uncovered 40 copycats of well-known cryptocurrency wallets. These apps hide trojans engineered to steal all of a victim's crypto assets. Available for both Android and iOS, the malicious apps posed as crypto wallets and were able to steal the passcodes victims use to access their wallets.

According to the researchers, the malware apps were pretending to work as legitimate crypto wallets, such as imToken, Bitpie, MetaMask, TokenPocket, and OneKey.


The trojanised crypto wallets were first discovered in May 2021 and initially targeted Chinese users. However, as cryptocurrencies become popular globally, the techniques used by the attackers could be expanded to users around the world. Nearly 7,000 people lost more than $80 million in crypto scams between October 2020 and March 2021, a 1,000% increase from a year earlier, according to the Federal Trade Commission.

“They are not targeting only Chinese users, since most of the distributed fake websites and apps are in the English language. Because of that, I believe it might affect anyone in the world (if they speak English),” Lukas Stefanko, Malware Analyst at ESET, told Welivesecurity, where the report was first published.


The researchers also noticed that the Telegram groups promoting the apps were shared and advertised in some Facebook groups, with the aim of recruiting more distribution partners for the malware. Based on the information obtained, the researchers found that the attackers were offering partners a 50 per cent commission on the stolen contents of a wallet.

The apps behave differently depending on the operating system they are installed on, the researchers said.

For example, on Android, the apps targeted new crypto users who did not yet have a legitimate wallet app installed on their devices. The fake wallets used the same package name as their genuine counterparts to disguise themselves, but they were signed with a different certificate. Because Android only accepts an update to an installed package if it is signed by the same certificate, these apps could not overwrite the official wallet on a device where it was already present.
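To illustrate the package-name rule described above, the following is an added Python model (not ESET's or Android's code) of the install check: the package name and the certificate bytes are constructed placeholders, and the check is a simplification of the real PackageManager logic.

```python
import hashlib

# Constructed stand-ins for DER-encoded X.509 signing certificates; no real
# wallet publisher's certificate is reproduced here.
LEGIT_CERT = b"CONSTRUCTED-DER: legitimate wallet publisher certificate"
ROGUE_CERT = b"CONSTRUCTED-DER: attacker certificate reusing the package name"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the certificate bytes, colon-separated the way apksigner/keytool print it."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def install(installed: dict, package: str, cert_der: bytes) -> str:
    """Simplified model (assumption) of Android's rule: an APK whose package name is
    already on the device installs only if it is signed by the same certificate."""
    new_fp = fingerprint(cert_der)
    current = installed.get(package)
    if current is not None and current != new_fp:
        return "INSTALL_FAILED_UPDATE_INCOMPATIBLE"  # PackageManager's status for a signer mismatch
    installed[package] = new_fp
    return "INSTALL_SUCCEEDED"


def verify_signer(installed: dict, package: str, pinned_fp: str) -> bool:
    """Defender-side check: the installed signer must match the publisher's pinned fingerprint."""
    return installed.get(package) == pinned_fp


def scenarios() -> dict:
    pkg = "io.example.wallet"  # placeholder package name
    legit_fp = fingerprint(LEGIT_CERT)
    # Device A: new user, no wallet installed. The impostor installs cleanly.
    device_a: dict = {}
    fresh = install(device_a, pkg, ROGUE_CERT)
    # Device B: genuine wallet present. The impostor is rejected; a genuine update is accepted.
    device_b = {pkg: legit_fp}
    over_legit = install(device_b, pkg, ROGUE_CERT)
    genuine_update = install(device_b, pkg, LEGIT_CERT)
    return {
        "fresh_device_impostor": fresh,
        "impostor_over_legit": over_legit,
        "genuine_update": genuine_update,
        "device_a_trusted": verify_signer(device_a, pkg, legit_fp),
        "device_b_trusted": verify_signer(device_b, pkg, legit_fp),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The same package name therefore only protects users who already have the genuine wallet installed; on a fresh device the pinned-fingerprint check is what exposes the impostor.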


On iOS, by contrast, the malicious wallet apps could be installed alongside their legitimate version. The malicious apps could only be installed from a third-party source, whereas the official version would come from the App Store.

Once installed, the researchers found, the apps could steal the passcodes generated by a crypto wallet, which grant access to the crypto associated with that wallet. These phrases were observed being sent to the attackers' server or to a secret Telegram chat group.

ESET researchers also said they discovered 13 fake wallet apps on the Google Play store, which were removed in January at their request.


The researchers recommend that users download and install apps only from official sources, such as Google Play for Android and Apple's App Store for iPhone users. Users are also advised to uninstall an app promptly if they find it to be malicious.

“Considering that the attackers know the history of all the victim’s transactions, the attackers might not steal the funds immediately and might rather wait for a better opportunity after more coins are deposited,” Stefanko mentioned in the report.

In January, cyber security firm Bitdefender published a report on cyber criminals stealing cryptocurrency wallet contents, passwords and security phrases from crypto wallet users on their PCs. According to Bitdefender, a crypto-wallet-stealing malware dubbed ‘BHUNT’ enters computers through pirated software installs and attacks Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin and Litecoin wallets.