- BITCOIN TICKER WIDGET VARIES WITH DEVICE APK APK
- BITCOIN TICKER WIDGET VARIES WITH DEVICE APK REGISTRATION
- BITCOIN TICKER WIDGET VARIES WITH DEVICE APK ANDROID
BITCOIN TICKER WIDGET VARIES WITH DEVICE APK REGISTRATION
We were able to trace the distribution vector of these trojanized cryptocurrency wallets back to May 2021 based on the domain registration that was provided for these malicious apps in the wild, as well as the creation of several Telegram groups that started to search for affiliate partners.
These websites target only mobile users and offer them the download of malicious wallet apps. DistributionĮSET Research identified over 40 copycat websites of popular cryptocurrency wallets. These apps were available on the Google Play store, which is proactively protected by the App Defense Alliance, of which ESET is one of the scanning partners, prior to apps being listed. Besides this cryptocurrency wallet scheme, we also discovered 13 malicious apps impersonating the Jaxx Liberty wallet. This means that victims’ funds could be stolen not only by the operator of this scheme, but also by a different attacker eavesdropping on the same network. These malicious apps also represent another threat to victims, as some of them send secret victim seed phrases to the attackers’ server using an unsecured HTTP connection. From the posts we found, it is difficult to determine whether it was shared intentionally or if it leaked. We found this code on at least five websites, where it was shared for free, and thus expect to see more copycat attackers.
BITCOIN TICKER WIDGET VARIES WITH DEVICE APK APK
This is further supported by the public sharing, in November 2021, of the source code of the front-end and back-end distribution website, including the recompiled APK and IPA files. As cryptocurrencies are gaining popularity, we expect these techniques to spread into other markets. The main goal of these malicious apps is to steal users’ funds and until now we have seen this scheme mainly targeting Chinese users. At this point, we believe that this is the work of one individual attacker or, more likely, one criminal group. This is a sophisticated attack vector since the malware’s author carried out an in-depth analysis of the legitimate applications misused in this scheme, enabling the insertion of their own malicious code into places where it would be hard to detect while also making sure that such crafted apps had the same functionality as the originals. These malicious apps were able to steal victims’ secret seed phrases by impersonating Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, or OneKey.
BITCOIN TICKER WIDGET VARIES WITH DEVICE APK ANDROID
We found trojanized Android and iOS apps distributed through websites mimicking legitimate services. Starting in May 2021, our research uncovered dozens of trojanized cryptocurrency wallet apps.
If you belong to one of these groups, you should pick carefully which mobile app to use for managing your funds. For cryptocurrency investors, this might be a time either to panic and withdraw their funds, or for newcomers to jump at this chance and buy cryptocurrency for a lower price. ESET Research uncovers a sophisticated scheme that distributes trojanized Android and iOS apps posing as popular cryptocurrency walletsĪt the time of writing this blogpost, the price of bitcoin (US$38,114.80) has decreased about 44 percent from its all-time high about four months ago.
0 kommentar(er)
