13 apps removed after researchers uncover Trojan crypto wallet scheme

cointelegraph.com:

Research by cyber security firm ESET has uncovered a “sophisticated scheme” that disseminates Trojan apps disguised as popular cryptocurrency wallets.

The malicious scheme targets mobile devices using Android or Apple (iOS) operating systems which become compromised if the user downloads a fake app.

According to ESET's research, these malicious apps are distributed through bogus websites, and imitate legitimate crypto wallets, including MetaMask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey.

The firm also discovered 13 malicious apps impersonating the Jaxx Liberty wallet, available on the Google Play Store. Google has since removed the offending apps, which were installed more than 1,100 times, but there are still many more lurking out there on other websites and social media platforms.

The threat actors disseminated their wares through social media groups on Facebook and Telegram, intending to steal crypto assets from their victims. ESET claims to have uncovered “dozens of trojanized cryptocurrency wallet apps,” going back to May 2021. It also stated that the scheme, which it believes is the work of one group, was primarily targeting Chinese users via Chinese websites.

Lukáš Štefanko, the researcher who unraveled the scheme, said that there were other threat vectors, such as sending seed phrases to the attacker’s server using unsecured connections, adding:

The fake wallet apps behave slightly differently depending on where they are installed. On Android, it targets a new cryptocurrency that the user may not have previously traded, prompting the user to install the appropriate wallet. While on iOS the apps need to be downloaded using arbitrary trusted code-signing certificates circumnavigating Apple’s App