13 apps removed after researchers uncover Trojan crypto wallet scheme

Published at: March 30, 2022

Research by cyber security firm ESET has uncovered a “sophisticated scheme” that disseminates Trojan apps disguised as popular cryptocurrency wallets.

The malicious scheme targets mobile devices running Android or Apple's iOS, which become compromised if the user downloads a fake app.

According to ESET's research, these malicious apps are distributed through bogus websites, and imitate legitimate crypto wallets, including MetaMask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey.

The firm also discovered 13 malicious apps on the Google Play Store impersonating the Jaxx Liberty wallet. Google has since removed the offending apps, which were installed more than 1,100 times, but there are still many more lurking out there on other websites and social media platforms.

The threat actors disseminated their wares through social media groups on Facebook and Telegram, intending to steal crypto assets from their victims. ESET claims to have uncovered “dozens of trojanized cryptocurrency wallet apps,” going back to May 2021. It also stated that the scheme, which it believes is the work of one group, was primarily targeting Chinese users via Chinese websites.

Lukáš Štefanko, the researcher who unraveled the scheme, said that there were other threat vectors, such as sending seed phrases to the attacker’s server using unsecured connections, adding:

“This means that victims' funds could be stolen not only by the operator of this scheme but also by a different attacker eavesdropping on the same network.”

The fake wallet apps behave slightly differently depending on where they are installed. On Android, they target a new cryptocurrency that the user may not have previously traded, prompting the user to install the appropriate wallet. On iOS, the apps need to be downloaded using arbitrary trusted code-signing certificates, circumventing Apple’s App Store. This means that the user can have two wallets installed simultaneously, the genuine one and the Trojan, but this poses less of a threat since most users rely on App Store verification for their apps.

ESET advises cryptocurrency investors and traders to only install wallets from trusted sources that are linked to the official website of the exchange or company.

In February, Google Cloud unveiled the Virtual Machine Threat Detection (VMTD) system, which scans for and detects “cryptojacking” malware designed to hijack resources to mine digital assets.

According to a January Chainalysis report, cryptojacking accounted for 73% of the total value received by malware-related wallets and addresses between 2017 and 2021.
