Android and iPhone users are being targeted into downloading malware posing as cryptocurrency wallet apps. ESET researchers have found over 40 websites that have been designed to look like popular cryptocurrency websites, but then lure users into downloading fake applications containing trojans that steal cryptocurrency. These websites have been purposely designed to target mobile users, and specifically target new cryptocurrency users that may have little knowledge of these original services. Traffic is directed to the websites through online advertising and posts to popular crypto-related websites.
The attackers appear to be communicating in Mandarin and use the Telegram application to help spread the malware by searching for affiliates and providing video guides on how to steal cryptocurrency and how the fake wallets work. Those helping the criminals can be given up to 50% commission on any cryptocurrency thefts that are successfully executed.
For Android users, the criminals are targeting new crypto
users who don’t yet have a legitimate wallet service on their phone. This is
because the malware cannot overwrite existing applications due to Android’s security
protocols. The fake websites direct the user to ‘Download from Google Play’ but
actually downloads directly from the fake site’s server. The application must
then be manually installed by the user. ESET noted that 13 malicious applications
were removed from the Google Play store in January alone, so not all of these
attacks are being spread solely through fake websites.
However, for iOS, whilst malicious applications can’t be added to the App Store, victims can have both a real and fake app installed at the same time which means more experienced cryptocurrency users can be targeted. Victims are sent to malicious websites to download the application which uses multiple alerts and notifications to encourage the user to bypass iOS’s default security protections so the unverified app can be installed.
Once installed, the application acts and looks like a normal cryptocurrency wallet – completely indistinguishable from real applications. The criminals manipulate the content of the app so they are able to drain the cryptocurrency from the wallet without the user knowing.
These attacks are still active so please ensure you are only downloading apps from trusted, official sources and make use of anti-virus software on your phones to help detect malicious links and applications. Stay vigilant when surfing crypto-related websites and do not click on any suspicious links. iOS users should ensure they do not accept configuration profiles unless from a highly trusted source. If you believe you have downloaded a malicious application, please create a new wallet immediately with a trusted device and application and transfer all funds into it. This will prevent attackers from transferring the funds (if they haven’t already).
No comments:
Post a Comment