Blockzeit
  • News
    • Business
    • Politics
    • Metaverse
    • NFTs
    • Markets
    • Investing
    • Technology
    • Trends
  • Tools
    • Crypto Charts
    • Crypto Heatmap
  • Education
    • Reviews
    • Guides
    • Bitcoin Price Analysis
  • Crypto Exchanges
No Result
View All Result
  • EnglishEnglish
    • EnglishEnglish
    • DeutschDeutsch
    • PortuguêsPortuguês
Buy Crypto
  • News
    • Business
    • Politics
    • Metaverse
    • NFTs
    • Markets
    • Investing
    • Technology
    • Trends
  • Tools
    • Crypto Charts
    • Crypto Heatmap
  • Education
    • Reviews
    • Guides
    • Bitcoin Price Analysis
  • Crypto Exchanges
No Result
View All Result
Blockzeit
No Result
View All Result
Home Education
Fake Bitcoin Wallet Apps

Fake Bitcoin Wallet Apps

Cybersecurity Firm ESET Flags 13 Malicious Apps in Trojan Crypto Wallet Scheme

Tom Nyarunda by Tom Nyarunda
March 30, 2022
in Education
Reading Time: 3 mins read
0
Share on FacebookShare on TwitterShare on LinkedinShare via WhatsappShare via Email

The scheme, which mainly targeted Chinese users through social media groups and fake websites, has been running since May 2021.

An investigation by leading cybersecurity firm EST has lifted a lid on a “sophisticated scheme” by criminals who spread Trojan Horse Apps disguised as popular cryptocurrency wallets. The malicious plan targeted mobile devices running on Apple (iOS) and Android operating systems, which they would compromise as soon as an unsuspecting user downloaded a fake App. 

According to the ESET investigation, the crooks distributed the 13 malicious Apps using fake websites that imitated legitimate cryptocurrency wallets such as MetaMask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneK. Google has since removed the offending apps from Google Play Store, which over 1,100 unsuspecting users may have installed. However, there are chances that the malicious Apps were still lurking somewhere on other websites or social media platforms.  

Uncovered dozens of trojanized cryptocurrency wallet Apps

Cybercriminals have always disseminated their wares via social media groups on Facebook and Telegram, with their only intention being to steal cryptocurrencies from their victims. ESET indicated in its report it had uncovered “dozens of trojanized cryptocurrency wallet Apps. The firm discovered that the scheme was orchestrated by one group and specifically targeted Chinese cryptocurrency users using Chinese websites.  

Researcher Lukas Stefanko who unraveled the scheme said that there were other threat vectors, such as sending seed phrases to the attacker’s server using unsecured connections. He added: 

“This means that victims’ funds could be stolen by the operator of this scheme and by a different attacker eavesdropping on the same network.”

The malware appeared to target new cryptocurrency users

The malware works differently depending on whether the victim is an iOS or Android user. On Android, the malware appeared to target new cryptocurrency users who do not yet have a legitimate wallet application installed because the malware can’t overwrite any existing apps on the device because of Android security protocols.  

However, on iOS, the victim can have both a real app and the fake one installed, so more experienced cryptocurrency enthusiasts could be targeted, too, even though it’s somewhat cumbersome to download these fake wallets in both cases.

The attackers can manipulate the app’s content as if it was their own

For Android users, the fake cryptocurrency websites invite the user to “Download from Google Play, although it downloads from the bogus site’s server. Once downloaded, the app needs to be manually installed by the user. 

Whether it’s on Apple or Android, once installed, the malware behaves like a fully working cryptocurrency wallet, un-disguisable from the actual apps. By inserting malicious code into the app, the attackers can manipulate the app’s content as if it was their own – meaning they can drain the cryptocurrency from the wallet without the user knowing. Researcher Lukas Stefanko added: 

“We would like to appeal to the cryptocurrency community, mainly newcomers, to stay vigilant and use only official mobile wallets and exchange apps, downloaded from official app stores that are explicitly linked to the official websites of such services, and to remind iOS device users of the dangers of accepting configuration profiles from anything but the most trustworthy of sources.”

1a49ddd7 d169 48a0 a252 3fc3a2ad01bb 1
Tom Nyarunda

Tom is a freelance writer with over 10-years’ experience in content creation, blog writing, and SEO specializing in the blockchain and cryptocurrency niche. As a philosophical figurehead, he believes that to make our world a better place, we must invest in incorruptible products and procedures, of which Bitcoin and other cryptocurrencies are leading examples.

Previous Post

Ukrainian Rescue Token is Launching

Next Post

Pokmi Announces Token Listing on MEXC, Aims to Reshape The Adult Entertainment Industry

Related Posts

Cryptocurrencies now fall under the "Digital Asset" reporting in the updated 1040-SR form of the IRS. (Photo Source: Wikimedia Commons)

Here’s How To Properly Declare Your Crypto To The IRS

by Giancarlo Perlas
January 31, 2023
0

With the stricter regulations in federal income tax reporting that now include digital assets, there’s a need for cryptocurrency owners...

Investing 101

Investing 101: How To Do Your Own Research?

by Rickie Sebastian Sanchez
January 31, 2023
0

The vast majority of people will tell you to "do your own research," "DYOR," and "do your own due diligence,"...

Photo Source: Flickr

Crypto Scams: Decentralization, Immutability and Anonymity Can Also Work Against You

by Giancarlo Perlas
January 30, 2023
0

Decentralization, immutability, and anonymity. These are the key elements that make cryptocurrencies attractive to investors and traders due to their...

Load More

Get updates to your inbox!

Subscribe to our mailing list to receive daily updates!

FOLLoW US:

Blockzeit Logo 10 1

Blockzeit was founded in 2021 in Switzerland with the mission of bridging the gap between the complex blockchain technology and the general public. Blockzeit is a news and education platform that aims to make blockchain more accessible and bring more transparency to the scene.

Popular Categories

Categories
  • Bitcoin News
  • Business
  • Education
  • Investing
  • Markets
  • Metaverse
  • NFTs
  • Politics
  • Press Release
  • Switzerland
  • Technology
  • Trends
  • Uncategorized

Important Links

  • Privacy Policy
  • Disclaimer
  • About us
  • Contact us
  • Blockchain Jobs
  • Events

Contact & Social

For guest posts, contact us via info@blockzeit.com

 

Contact: info@blockzeit.com
Press: press@blockzeit.com

Facebook Twitter Linkedin Instagram
  • Home
  • Markets
  • Investing
  • Technology
  • Trends
  • NFTs
  • Education
  • Events
© Copyright by Blockzeit.com. All rights reserved.

Disclaimer

Start making money with crypto.

Buy Here
No Result
View All Result
  • News
    • Business
    • Politics
    • Metaverse
    • NFTs
    • Markets
    • Investing
    • Technology
    • Trends
  • Tools
    • Crypto Charts
    • Crypto Heatmap
  • Education
    • Reviews
    • Guides
    • Bitcoin Price Analysis
  • Crypto Exchanges
  • DeutschDeutsch
  • PortuguêsPortuguês

© 2021 Blockzeit by Blockzeit.