13 malicious apps impersonating the Jaxx Liberty wallet, available on the Google Play Store

According to research by cybersecurity firm ESET, a sophisticated scheme to plant Trojan applications disguised as popular cryptocurrency wallets has been discovered.

13 applications were deleted when the Trojan was detected

According to research by ESET, these malicious apps are distributed through fake websites and mimic legitimate crypto wallets, including MetaMask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey. The malicious scheme targets mobile devices using Android or Apple operating systems (iOS). Accordingly, the victim’s phone will be compromised if the user downloads the fake app.

The company also discovered 13 malicious apps impersonating the Jaxx Liberty wallet, available on the Google Play Store. Since then, Google has removed the offending apps, which had been installed more than 1,100 times. However, many other applications are still lurking on other websites and social media platforms.

The people behind this scheme disseminated their products through groups on Facebook and Telegram, intending to steal cryptocurrency from the victims. ESET claims to have discovered dozens of crypto wallet apps with Trojans from May 2021. They claim that the scheme mainly targets Chinese users because most apps are downloaded from Chinese websites.

The researcher who unraveled the scheme, Lukáš Štefanko, said that, among other threats, the apps automatically send security phrases to the attacker’s server over a connection that is not secure.

“This means that victims’ funds could be stolen by the operator of this scheme and by a different attacker eavesdropping on the same network,” Štefanko said.

Fake wallet apps work a little differently depending on where they are installed. On Android, the scheme targets a new cryptocurrency that the user may not have traded before and prompts the user to install the appropriate wallet. That is, users can install two wallets simultaneously, a genuine wallet and a Trojan wallet. For iOS phones, this scheme poses less of a threat as most users rely on the App Store’s verification mode when installing apps.

ESET advises crypto investors and traders to install wallets only from trusted sources linked to the exchange’s official website or the company.

In February, Google Cloud announced its Virtual Machine Threat Detection (VMTD) system, which scans and detects “cryptojacking” malware designed to hijack resources for cryptocurrency mining. According to a January report by Chainalysis, cryptocurrencies accounted for 73% of the total value received by malware-related wallets and addresses between 2017 and 2021.
