- Cryptocurrency is the new buzzword in the investment world
- People are tempted to invest in digital tokens inspired by stories of successful investors
- Malicious attackers target new cryptocurrency investors, especially those who do not have a crypto wallet
An internet security company has revealed a new sophisticated scheme offering iOS and Android apps as crypto wallets and targeting new cryptocurrency investors.
Internet security and antivirus maker firm ESET reported a complex cryptocurrency scheme that has been targeting iOS and Android users since May 2021. Malicious actors allegedly used malware to steal digital assets, tokens and owner information.
In its research, the security firm detailed how easy it is for malicious actors to entice new victims to ride the wave of crypto buzz.
The antivirus firm revealed dozens of iOS and Android apps that look like legitimate crypto wallets, but are, in fact, carriers of malware payloads. These fake apps allegedly impersonate Coinbase, Trust Wallet, MetaMask, Imtoken, TokenPocket, BitPay and OneKey, and are distributed through sketchy websites that seem trustworthy.
This illustration photo shows the Coinbase logo in the background as a check of cryptocurrency rewards on a smartphone in Los Angeles on April 13, 2021 Photo: AFP / Chris Delmas
Furthermore, these fake crypto wallets mimic the official advertisements used by Coinbase, MetaMask and other legitimate blockchain wallets to appear legit. Hackers also use deceptive articles to promote sketchy websites that distribute fake apps.
Cybercriminals also used intermediaries to expand their reach on Telegram and Facebook to target unsuspecting users and lure in more victims. The researchers noted that these actors communicate in Chinese, and use messaging apps such as Telegram to seek out collaborators who would help them spread malware.
In addition, ESET revealed that there are a few Facebook groups that share step-by-step tutorials, complete with videos, screenshots and links, on how the fake crypto wallet works and how actors steal crypto from victims.
“These malicious apps also represent another threat to victims, as some of them send secret prey seed phrases to attackers’ servers using unsecured HTTP connections. This means that the victims’ money is not only lost through this scheme, operator but also eavesdropping by a different attacker on the same network,” the security firm explained in a blog. Post,
According to ESET, malicious apps behave differently on iOS and Android. Fake apps target new crypto users who do not yet have the Wallet app installed on their Android device. On iOS, victims can install both the fake app and the legitimate crypto wallet.
Cryptocurrency is a booming industry, with many users showcasing their wealth and advertising that they have struck gold as a digital asset. Many users are curious and want to try their luck in crypto. While many are attracted by the gleam of the “new gold”, malicious attackers see the influx of investors as a new opportunity to take advantage of unsuspecting victims.
For new investors looking for a reliable crypto wallet, the only places to download them are on the Apple App Store for iOS users and the Google Play Store for Android users.
© Copyright IBTimes 2022. All rights reserved.