Heads up, crypto users! A flurry of trojanized crypto wallets mimicking popular services has emerged online to steal victims’ money. Researchers have found these malware-laden wallets being distributed through various channels. Be careful when downloading any cryptocurrency app from unofficial sources.
Trojanized Crypto Wallets Targeting Mobile Users
Researchers from ESET shared details about this wave of trojanized crypto wallets in a recent post.
As elaborated, the researchers found at least 40 different malicious crypto websites posing as popular crypto services to trick users. These sites target mobile users only, luring them into downloading fake crypto wallets. Another means of spreading these wallets is via Telegram channels.
This malware campaign is particularly difficult to detect because the threat actors have not created new apps. Instead, they modified existing apps by inserting malicious code. As a result, the trojanized versions keep the expected functionality while running the malware alongside it. Hence, an average user won’t spot the presence of malware.
As stated in the post,
It required the attackers to perform an in-depth analysis of the wallet apps… and then find the exact places in the code where the seed phrase is either generated or imported by the user. In these places, the attackers inserted malicious code that is responsible for obtaining the seed phrase and its extraction to the attackers’ server.
The researchers confirmed that the campaign has been around since May 2021. It primarily targets Chinese users to steal victims’ crypto assets.
This malicious campaign distributing trojanized crypto wallets targets Android and iOS users alike. However, it works differently on each platform. Because a malicious version cannot overwrite an existing app on Android devices, the threat actors typically target new Android users who don’t have any wallets installed on their devices. On iOS devices, however, running two separate versions of an app is possible, so the number of iOS victims may be higher.
Some of the fake apps even made it into the Google Play Store; Google subsequently removed them.
Watch Out For Fake Apps
Researchers advise users who may have accidentally downloaded any fake apps to remove them swiftly. Since it’s difficult for users to spot the fake apps, anyone who has recently created or restored a wallet should consider creating a new wallet (using official sources) and moving their funds to it.