Crypto has gained serious traction in the past few years. Apart from Bitcoin and Ethereum, many tokens have witnessed remarkable growth in recent times. And most of the users are lured to this new type of currency due to the massive return in a very short time. However, many users are not very tech-savvy, and hence they are not entirely familiar with the tech behind these digital currencies. Hackers have exploited this knowledge gap to stole cryptocurrencies. According to a report from Eset, a digital security firm, hackers have developed mobile applications resembling the login crypto wallets. These blockchain wallets were embedded with malware to steal the seed words and eventually take access to their real wallets. The report further reads:
Starting in May 2021, our research uncovered dozens of trojanized cryptocurrency wallet apps. We found trojanized Android and iOS apps distributed through websites mimicking legitimate services . These malicious apps were able to steal victims’ secret seed phrases by impersonating Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, or OneKey.
In its report, the security firm reveals that they found dozens of iOS and Android apps that appeared just like Metamask or Coinbase crypto wallets. The only difference was they were infected with malware and trojans. The codes of these wallets were cleverly designed to resemble the real wallets while the infectious details were well hidden.
The team further discovered that these faked crypto wallets were advertised through banner ads placed on crypto-related trusted websites. Moreover, the team behind this malicious work hired many intermediaries to lure the potential victims through telegram and Facebook to install these crypto wallets. The Eset time found one variant of these crypto wallets on the Google Play Store.
Scams are rampant in the crypto field, and most of the victims are newbies in this field. Hackers are trying to always find a new way to target new and young users. While there are many ways to avoid falling for such scams, one is to always download any application from a trusted source. For iOS only, use Apple’s App Store, and Android users should use the Google Play store with ‘Play Protect’ enabled to filter out any unwanted applications. Further, Android users must never install any .apk files downloaded from untrustworthy stores, as .apk files are one of the easiest targets to infect an Android smartphone and get access to confidential data.
CoinFea Explainer
What are cryptocurrency wallet apps?
Cryptocurrency wallet apps are soft versions of blockchain wallets. It is being used as a private or exchange wallet to store cryptocurrency and other digital assets such as NFTs.
What are Malware and Trojans?
Malware and Trojans are a file or codes primarily used with malicious intent. These computer programs are used to infect and gain unauthorized access to a device or system.