People via social media groups and bogus websites.
According to ESET's research, there is a"sophisticated strategy" that disseminates Trojan programs masquerading as popular bitcoin wallets.
The malicious method targets mobile devices running the Android or Apple (iOS) operating systems, which become hacked whenever bogus software is downloaded.
However, according to ESET's research, these malicious programs are distributed via fake websites and impersonate real cryptocurrency wallets such as MetaMask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey.
The company also detected 13 fraudulent apps on the Google Play Store imitating the Jaxx Liberty wallet. Google has now removed the offending apps, which had been installed over 1,100 times, but there is much more hiding on other websites and social media platforms.
However, according to ESET's research, these malicious programs are distributed via fake websites and impersonate real cryptocurrency wallets such as MetaMask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey.
The company also detected 13 fraudulent apps on the Google Play Store imitating the Jaxx Liberty wallet. Google has now removed the offending apps, which had been installed over 1,100 times, but there is much more hiding on other websites and social media platforms.
The researcher who unearthed the scheme, Luká Stefano, stated that there were other threat vectors, such as sending seed phrases to the attacker's server via unsecured connections, adding,
"This means that victims' funds could be stolen not only by the operator of this scheme but also by a different attacker eavesdropping on the same network."
Depending on where the phony wallet apps are installed, they behave slightly differently. On Android, it attacks a new cryptocurrency that the user may not have traded before, encouraging the user to install the necessary wallet. On iOS, the apps must be downloaded using arbitrary trusted code-signing certificates to avoid Apple's App Store. This means that the user can have two wallets loaded at the same time, the legitimate one and the Trojan, but offers less of a risk because most users rely on App Store verification for their apps.
ESET recommends cryptocurrency users andtraders to only install wallets from reliable sources that are linked to the exchange or the company's official website.
Google Cloud launched the Virtual MachineThreat Detection system in February, which looks for and detects "crypto jacking"malware aimed to hijack resources in order to mine digital currencies.
According to Chainalysis research publishedin January, crypto-jacking accounted for 73% of the total value acquired bymalware-related wallets and addresses between 2017 and 2021.
