May 27, 2022
Hackers Deploying Malicious Android and iOS Apps Disguised as Wallets to Steal Cryptocurrency

Popular Crypto Wallet Imitators are Stealing Currency from iOS and Android Owners in Elaborate New Schemes

Cyber-criminals are fooling iOS and Android device owners with legitimate-looking crypto wallets to secretly steal currency funds…

ESET, an antivirus and internet security firm, has uncovered a sophisticated malicious cryptocurrency scheme. It targets both iOS and Android mobile devices and has been victimizing people since May of last year. Unsurprisingly, there are fake websites involved, built to steal Bitcoin and other forms of cryptocurrency from unsuspecting consumers believing they’re installing genuine digital wallets.

Hackers Deploying Malicious Android and iOS Apps Disguised as Wallets to Steal Cryptocurrency

The threat actors behind the scheme use ads placed on legitimate websites with misleading articles. These articles promote the phony websites, which in turn, distribute popular copycat wallet apps like Metamask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey. Lukáš Štefanko discovered the scam and describes how it works in a press release:

“These malicious apps also represent another threat to victims, as some of them send secret victim seed phrases to the attackers’ server using an unsecured HTTP connection. This means that victims’ funds could be stolen not only by the operator of this scheme, but also by a different attacker eavesdropping on the same network. We also discovered 13 malicious apps impersonating the Jaxx Liberty wallet. These apps were available on the Google Play store.”

Owen E. Richason IV

Covers social media, apps, search, and similar news. History buff, movie, and theme park lover. Blessed dad and husband.     

View all posts by Owen E. Richason IV →