Hackers Are Cloning Web3 Wallets Like MetaMask and Coinbase Wallet to Steal Crypto

15-Jun-2022 By: Simran Mishra

Confiant, a marketing security firm, discovered a cluster of fraudulent activity built around wallet apps, in which hackers steal private seeds and gain access to users' assets through backdoored counterfeit wallets. The apps are distributed through copies of reputable websites, so that the user appears to be downloading an authentic app.

Hackers are becoming increasingly inventive in devising attacks on cryptocurrency users. Confiant, a business committed to assessing the quality of advertisements and the security risks they may pose to internet users, has issued a warning about a new type of attack affecting users of popular Web3 wallets such as MetaMask and Coinbase Wallet.

Confiant classified the cluster, codenamed "Seaflower," as one of the most sophisticated attacks of its type. According to the research, ordinary users will not be able to identify these applications, since they are nearly identical to the real apps but contain modified code that lets hackers steal the wallets' seed phrases, giving them access to the funds.

According to the research, these apps are largely distributed outside of traditional app stores, via links that users find in search engines like Baidu. The investigators believe the cluster is Chinese because of the languages used in the code comments, as well as other factors such as infrastructure location and services used.

Through careful search engine optimization, the URLs of these applications reach prominent positions in search results, ranking high and deceiving people into thinking they are visiting the actual site. The sophistication of these programs stems from the way the code is concealed, obscuring much of the system's operation.

The MetaMask impostor uses a backdoored program to send seed phrases to a remote site as it is being built, and this is the major attack vector. Seaflower employs a similar attack vector for other wallets.

Experts have offered advice for keeping wallets safe on mobile devices. Because these backdoored programs are only available outside of app stores, Confiant recommends that users always try to get wallet apps from the legitimate Android and iOS app stores.
