
Malicious apps discovered pretending to be popular cryptocurrency wallets

In the past few hours, the security company Eset has discovered several applications, for Android and also for iOS, that pose as popular cryptocurrency wallets in order to steal users' access credentials and empty the wallets of their contents.

Exactly one week after the warnings about the BitRAT trojan, which hit those who tried to pirate a copy of Windows, we return to computer security with an alert that concerns both Android and iOS users who keep a cryptocurrency wallet on their smartphones.

Researcher Lukáš Štefanko of the Slovak security firm Eset (known for the Nod32 antivirus) discovered the new threat: an attack is underway that follows a sophisticated scheme and uses several distribution channels. In particular, bogus websites promote the download of apps whose names evoke well-known digital wallets (e.g. MetaMask, OneKey, Coinbase, Bitpie, Trust Wallet, imToken, TokenPocket) but that actually conceal trojans.

Even the Android Play Store is not exempt from the problem: 13 applications were found in it posing as the well-known Jaxx Liberty wallet, which is often used because it also provides information on cryptocurrency prices and even acts as an exchange (so you can buy or resell them). In both cases, the attackers promoted the download of the maliciously modified software through ad hoc groups, sites on social networks (e.g. Facebook) or popular chat apps (e.g. Telegram).

Once alerted, Google promptly removed the apps from its store, the former Play Market, though not quite promptly enough: in the meantime, the offending apps had already been downloaded by about 1,100 users.

According to initial investigations by Eset experts, some of the dozens of trojanized wallets identified date back as far as May 2021, meaning they have been operational for just under a year. For now, it is assumed that a group rather than a single hacker is behind this attack scheme. What is certain is that, for the moment, mostly Chinese users are being targeted.

To ward off the threat, which as a side effect could also expose users to the danger of having their seed phrases (the random list of words generated by the wallet that allows access to be recovered) sent to servers controlled by cybercriminals, the experts' advice to cryptocurrency investors is to pay attention to where digital wallets are downloaded from, preferring the official website of the company offering a given service as the source.
