Android and iPhone programs that steal currencies from private wallets - 2022

ESET has spotted a horrific malicious campaign in which programs that steal coins from private wallets are sweeping Android and iPhone smartphones every day.

Do you have coins on Coinbase, Binance, Trust Wallet or MetaMask? It is best to be especially careful at this time. ESET researchers announced that they discovered the beginning of a crypto theft campaign designed specifically to empty Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket or OneKey wallets.

To do this, hackers use a range of fraudulent applications and techniques. On Android as on iOS, they encourage victims in different ways to download a corrupt app from outside the Google Play Store or Apple App Store. It's also worth noting that the attack targets iPhones, which are reputed to be more secure; cybercriminals generally hijack the TestFlight app's testing system for this purpose.

In concrete terms, hackers create fake coin-stealing software that uses all the graphic symbols of the official investment apps. Then they sell it to other hackers through dozens of Facebook accounts as well as Telegram threads. Here we see a structure that has become the norm over the past few years: malicious applications are offered as SaaS, or Software-as-a-Service.

In other words, there are hackers who develop, maintain and market coin-stealing software, and other actors pay them to gain access to their tools. According to ESET, “The person who distributes malware is offered a 50% commission for content stolen from cryptocurrency wallets.”

ESET has also announced that it has asked Google to remove 13 infected apps from the Play Store. These apps were trying to imitate the Jaxx Liberty Wallet app... to better steal users' recovery IDs and steal all their cryptocurrency.

ESET continues: “These criminals' goal was simply to retrieve the recovery source phrase and pass it on either to the attacker's servers or to a secret Telegram group. Moreover, it appears that the source code for this threat has been leaked and is being shared on some Chinese sites, which could attract other malicious actors. And this threat is spreading even further.”

How do we protect ourselves from programs that steal currency?

The first thing to do is always go to the official Play Store or the App Store to download an app that might hold money. Always open the App Store yourself (don't follow any links) to reduce the risk of phishing. And check in particular that the app comes from the official developer.

On iOS, hackers have to take you through unusual steps to convince you to install their fraudulent app. These steps often include installing a new profile on your smartphone as well as downloading the beta TestFlight app. Systematically refuse to install an app through these means and download Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket or OneKey exclusively from the official app store.
