Modified e-wallets for Android and iOS target cryptocurrencies »PACA’s economic and political newsletter

ESET Research has discovered an advanced mechanism for distributing trojan Android and iOS apps that imitate popular cryptocurrency wallets.

More than 40 websites offer trojanized e-wallets for Android and iOS that target users' cryptocurrencies.

The price of Bitcoin ($20,558.07) is about 69% lower than its all-time high of about seven months ago. For cryptocurrency investors, this could be a time to panic and withdraw their funds, or for newbies to seize the opportunity and buy cryptocurrency. If you belong to one of these groups, you should choose carefully which mobile application to use to manage your money.

ESET Research has identified more than 40 websites imitating popular cryptocurrency wallets. These websites target mobile users only and offer them downloads of rogue apps whose main purpose is to steal user funds. While the attacks so far have mainly targeted Chinese users, given the popularity of crypto assets, we expect these techniques to spread to other markets.

ESET was able to trace the distribution vector of these trojanized cryptocurrency wallets, including several Telegram groups. We assume that these groups were created by the developer to recruit accomplices to spread the malware; the groups suggest telemarketing, social media campaigns, advertising or SMS messaging as ways to distribute the custom wallets. According to information gathered in these groups, a person who distributes the malware receives a 50% commission on the stolen wallet contents.

Differences in Behavior on iOS and Android

The malicious application behaves differently depending on the operating system it is installed on. On Android, it seems to target new cryptocurrency users. The trojanized wallets have the same package name as the legitimate apps; however, they are signed with a different certificate, so they cannot be installed as an update over a legitimately signed copy. On iOS, the victim may have both versions installed – the legitimate one from the App Store and the malicious one from a website – because they do not share the same bundle ID.

For Android devices, the sites offered the option to download the malicious application directly from their servers, even when the user clicked the “Download from Google Play” button. After downloading, the application must be installed manually by the user. As for iOS, these malicious applications are not available in the App Store; they must be downloaded and installed using configuration profiles, which add an arbitrary trusted code-signing certificate to the device.
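Because the trojanized Android wallets reuse the legitimate package name but carry a different signing certificate, the signer certificate fingerprint is the property a defender can pin. The script below is an added example, not ESET's tooling or anything from the report: it reads the v1 (JAR) signature block (META-INF/*.RSA, .DSA or .EC) out of an APK, extracts the first certificate from the PKCS#7 structure with a minimal DER walker, hashes it with SHA-256 and compares it with a pinned fingerprint for that package name. The package name `com.example.wallet`, the certificate contents and the APKs themselves are constructed in-line for the demonstration; APKs signed only with the v2/v3 scheme have no META-INF signature file and should be checked with `apksigner verify --print-certs` instead.

```python
import hashlib
import io
import zipfile

PKCS7_SIGNED_DATA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02"  # OID 1.2.840.113549.1.7.2
PKCS7_DATA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x07\x01"         # OID 1.2.840.113549.1.7.1


def der_read(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def der_children(buf, start, end):
    """Yield (tag, tlv_start, value_start, value_end) for each element in a constructed value."""
    pos = start
    while pos < end:
        tag, vs, ve = der_read(buf, pos)
        yield tag, pos, vs, ve
        pos = ve


def first_certificate(pkcs7):
    """Return the DER bytes of the first certificate inside a PKCS#7 SignedData blob."""
    tag, vs, ve = der_read(pkcs7, 0)                 # ContentInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    kids = list(der_children(pkcs7, vs, ve))         # [OID, [0] EXPLICIT SignedData]
    _, _, sd_vs, _ = kids[1]
    _, vs, ve = der_read(pkcs7, sd_vs)               # SignedData SEQUENCE
    fields = list(der_children(pkcs7, vs, ve))       # version, digestAlgs, contentInfo, [0] certs, ...
    for tag, _, cvs, cve in fields[3:]:
        if tag == 0xA0:                              # [0] IMPLICIT SET OF Certificate
            for ctag, cstart, _, cend in der_children(pkcs7, cvs, cve):
                if ctag == 0x30:
                    return pkcs7[cstart:cend]        # whole Certificate TLV
    raise ValueError("no certificate in signature block")


def signer_fingerprint(apk_bytes):
    """SHA-256 over the v1 signer certificate, or None if the APK has no v1 signature file."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        blocks = [n for n in z.namelist()
                  if n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))]
        if not blocks:
            return None
        cert = first_certificate(z.read(blocks[0]))
    return hashlib.sha256(cert).hexdigest()


def check_apk(package, apk_bytes, known_signers):
    """Compare an APK's signer against the pinned fingerprint for its package name."""
    expected = known_signers.get(package)
    if expected is None:
        return "unknown-package"
    fingerprint = signer_fingerprint(apk_bytes)
    if fingerprint is None:
        return "no-v1-signature"
    return "ok" if fingerprint == expected else "signer-mismatch"


# --- constructed test fixtures (not real wallet APKs or certificates) ---------------------

def der(tag, body):
    """Minimal DER TLV encoder used only to build the fixtures."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    ln = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body


def fake_signature_block(cert_body):
    """PKCS#7 SignedData skeleton carrying one (fake) certificate SEQUENCE."""
    signed_data = der(0x30, der(0x02, b"\x01") + der(0x31, b"")
                      + der(0x30, der(0x06, PKCS7_DATA))
                      + der(0xA0, der(0x30, cert_body)) + der(0x31, b""))
    return der(0x30, der(0x06, PKCS7_SIGNED_DATA) + der(0xA0, signed_data))


def build_apk(cert_body):
    """Zip that looks like an APK; cert_body=None yields an unsigned (no META-INF) package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        if cert_body is not None:
            z.writestr("META-INF/CERT.RSA", fake_signature_block(cert_body))
    return buf.getvalue()


if __name__ == "__main__":
    legit = build_apk(b"constructed legitimate signer")
    rogue = build_apk(b"constructed attacker signer")     # same package name, other signer
    known = {"com.example.wallet": signer_fingerprint(legit)}
    for name, apk in (("store copy", legit), ("website copy", rogue)):
        print(name, check_apk("com.example.wallet", apk, known))
```

The pinned fingerprint for a real wallet would come from the vendor's published value or from a copy obtained through the official store, never from the APK being checked; the check only tells you that two copies were signed by different keys, which is exactly the discrepancy the report describes.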

At the request of ESET as a partner of the Google App Defense Alliance, in January 2022, Google removed 13 malicious apps found in the Google Play Store masquerading as the legitimate Jaxx Liberty Wallet app; they have been installed more than 1100 times. One of the apps on this list used a fake website that imitated Jaxx Liberty as a delivery vehicle.

Prevent and remove malware

– ESET researchers regularly advise users to download and install applications from official sources only.

– On Android, use a reliable mobile security solution.

– On an iOS device, we recommend that you do not install any applications outside the official application store and that you be extremely vigilant about attempts to install additional profiles that allow installation of third-party software.

ESET calls on the community of cryptocurrency users, especially newbies, to remain vigilant and only use official wallets and apps downloaded from official app stores.

About ESET:

ESET specializes in designing and developing security software for businesses and the general public and is today the leading publisher of endpoint security software in the European Union.

For more information: https://www.eset.com/fr/
