Google

Google takes down 13 apps after ESET uncovered ‘trojanized’ digital currency wallets

Internet security firm ESET has uncovered a web of digital currency malware that’s being distributed through trojanized applications disguised as popular digital currency wallets.

In a recent press release, the Slovak firm revealed that the sophisticated malicious digital currency scheme targeted mobile devices using both Android and iOS. The attackers distributed the malicious apps through fake websites, mimicking popular wallets including Coinbase, TokenPocket, OneKey, Trust Wallet, and Metamask. 

ESET first discovered the trojanized wallets in May 2021. The company described the campaign as a “sophisticated attack vector” as it involved an in-depth analysis of the legitimate applications in enabling the insertion of the malicious code in such a way that it would be extremely hard to detect for security professionals, while still making sure that the fake apps had the same functionality as the original apps.

ESET believes that the fake apps were the work of one cybercriminal group.

As the company further revealed, it had found several Telegram groups in which malicious copies of the legitimate wallets were being promoted. It believes that it was the criminal group behind the apps that started these groups to target a wider audience. Beginning in October 2021, these groups spread to Facebook, and later that year, they were even pushing their fake wallets on at least two legitimate Chinese websites.

The main goal behind the malicious apps is to steal victims’ digital assets, ESET says, adding that they have primarily targeted Chinese users.

Through a partnership it maintains with Google, ESET notified the search engine giant behind Android of the malicious apps, leading to the takedown of 13 apps that were believed to be compromised by the attackers.

“These malicious apps also represent another threat to victims, as some of them send secret victim seed phrases to the attackers’ server using an unsecured HTTP connection. This means that victims’ funds could be stolen not only by the operator of this scheme, but also by a different attacker eavesdropping on the same network,” Lukáš Štefanko, the ESET researcher who discovered the scheme, commented.

Watch: CoinGeek New York presentation, FYI: Better Information Tools for a More Lawful Blockchain Industry

New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.

[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]
[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]