Monday, May 23, 2022
About us | Contact
Blockzeit
  • bitcoinBitcoin(BTC)$29,366.00-1.99%
  • ethereumEthereum(ETH)$2,000.91-0.40%
  • binancecoinBNB(BNB)$326.552.96%
  • SolanaSolana(SOL)$50.88-1.87%
  • dogecoinDogecoin(DOGE)$0.084679-0.72%
  • Home
    • Business
    • Politics
  • Markets
  • Investing
  • Technology
  • Trends
  • NFTs
    • Metaverse
  • Education
    • Glossary
    • Buy Crypto
      • Buy Cardano
  • Events
    • Metaverse Events
No Result
View All Result
  • EnglishEnglish
    • EnglishEnglish
    • DeutschDeutsch
    • PortuguêsPortuguês
  • Home
    • Business
    • Politics
  • Markets
  • Investing
  • Technology
  • Trends
  • NFTs
    • Metaverse
  • Education
    • Glossary
    • Buy Crypto
      • Buy Cardano
  • Events
    • Metaverse Events
No Result
View All Result
Blockzeit
No Result
View All Result
Home Education
Fake Bitcoin Wallet Apps

Fake Bitcoin Wallet Apps

Cybersecurity Firm ESET Flags 13 Malicious Apps in Trojan Crypto Wallet Scheme

Tom Nyarunda by Tom Nyarunda
March 30, 2022
in Education
Reading Time: 3 mins read
0
Share on FacebookShare on TwitterShare on LinkedinShare via WhatsappShare via Email

The scheme, which mainly targeted Chinese users through social media groups and fake websites, has been running since May 2021.

An investigation by leading cybersecurity firm EST has lifted a lid on a “sophisticated scheme” by criminals who spread Trojan Horse Apps disguised as popular cryptocurrency wallets. The malicious plan targeted mobile devices running on Apple (iOS) and Android operating systems, which they would compromise as soon as an unsuspecting user downloaded a fake App. 

According to the ESET investigation, the crooks distributed the 13 malicious Apps using fake websites that imitated legitimate cryptocurrency wallets such as MetaMask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneK. Google has since removed the offending apps from Google Play Store, which over 1,100 unsuspecting users may have installed. However, there are chances that the malicious Apps were still lurking somewhere on other websites or social media platforms.  

Uncovered dozens of trojanized cryptocurrency wallet Apps

Cybercriminals have always disseminated their wares via social media groups on Facebook and Telegram, with their only intention being to steal cryptocurrencies from their victims. ESET indicated in its report it had uncovered “dozens of trojanized cryptocurrency wallet Apps. The firm discovered that the scheme was orchestrated by one group and specifically targeted Chinese cryptocurrency users using Chinese websites.  

Researcher Lukas Stefanko who unraveled the scheme said that there were other threat vectors, such as sending seed phrases to the attacker’s server using unsecured connections. He added: 

“This means that victims’ funds could be stolen by the operator of this scheme and by a different attacker eavesdropping on the same network.”

The malware appeared to target new cryptocurrency users

The malware works differently depending on whether the victim is an iOS or Android user. On Android, the malware appeared to target new cryptocurrency users who do not yet have a legitimate wallet application installed because the malware can’t overwrite any existing apps on the device because of Android security protocols.  

However, on iOS, the victim can have both a real app and the fake one installed, so more experienced cryptocurrency enthusiasts could be targeted, too, even though it’s somewhat cumbersome to download these fake wallets in both cases.

The attackers can manipulate the app’s content as if it was their own

For Android users, the fake cryptocurrency websites invite the user to “Download from Google Play, although it downloads from the bogus site’s server. Once downloaded, the app needs to be manually installed by the user. 

Whether it’s on Apple or Android, once installed, the malware behaves like a fully working cryptocurrency wallet, un-disguisable from the actual apps. By inserting malicious code into the app, the attackers can manipulate the app’s content as if it was their own – meaning they can drain the cryptocurrency from the wallet without the user knowing. Researcher Lukas Stefanko added: 

“We would like to appeal to the cryptocurrency community, mainly newcomers, to stay vigilant and use only official mobile wallets and exchange apps, downloaded from official app stores that are explicitly linked to the official websites of such services, and to remind iOS device users of the dangers of accepting configuration profiles from anything but the most trustworthy of sources.”

1a49ddd7 d169 48a0 a252 3fc3a2ad01bb 1
Tom Nyarunda

Tom is a freelance writer with over 10-years’ experience in content creation, blog writing, and SEO specializing in the blockchain and cryptocurrency niche. As a philosophical figurehead, he believes that to make our world a better place, we must invest in incorruptible products and procedures, of which Bitcoin and other cryptocurrencies are leading examples.

Previous Post

Ukrainian Rescue Token is Launching

Next Post

Pokmi Announces Token Listing on MEXC, Aims to Reshape The Adult Entertainment Industry

Related Posts

Best crypto wallet

Choosing the Best Crypto Wallet – A Quick Guide

by Jay Speakman
May 23, 2022
0

With the crypto market suffering some pretty heavy volatility lately we thought it would again be a  good time to...

wrapped token

What Are Wrapped Tokens and How Do They Work?

by Jay Speakman
May 18, 2022
0

How can we have an interoperable ecosystem of data and information when two blockchains like Bitcoin vs Ethereum don't communicate...

How to Invest in Cryptocurrency: The Ultimate Beginner's Guide

How to Invest in Cryptocurrency: The Ultimate Beginner’s Guide

by Nate Kevin
May 16, 2022
0

The cryptocurrency market has taken the world by storm, drawing in a multitude of retail investors and institutional traders alike. ...

Load More

Get updates to your inbox!

Subscribe to our mailing list to receive daily updates!

FOLLoW US:

Blockzeit Logo 10 1

Blockzeit was founded in 2021 in Switzerland with the mission of bridging the gap between the complex blockchain technology and the general public. Blockzeit is a news and education platform that aims to make blockchain more accessible and bring more transparency to the scene.

Popular Categories

Categories
  • Bitcoin News
  • Business
  • Buy Crypto
  • Education
  • Investing
  • Markets
  • Metaverse
  • NFTs
  • Politics
  • Press Release
  • Switzerland
  • Technology
  • Trends

Important Links

  • Privacy Policy
  • Disclaimer
  • About us
  • Contact us
  • Blockchain Jobs
  • Events

Contact & Social

For guest posts, contact us via info@blockzeit.com

 

Contact: info@blockzeit.com
Press: press@blockzeit.com

Facebook Twitter Linkedin Instagram
  • Home
  • Markets
  • Investing
  • Technology
  • Trends
  • NFTs
  • Education
  • Events
© Copyright by Blockzeit.com. All rights reserved.

Disclaimer

No Result
View All Result
  • Home
    • Business
    • Politics
  • Markets
  • Investing
  • Technology
  • Trends
  • NFTs
    • Metaverse
  • Education
    • Glossary
    • Buy Crypto
      • Buy Cardano
  • Events
    • Metaverse Events
  • DeutschDeutsch
  • PortuguêsPortuguês

© 2021 Blockzeit by Blockzeit.