
Hackers use Telegram, websites to promote malicious crypto wallets: Eset researchers

These malicious apps were able to steal victims’ secret seed phrases (passcodes used to access crypto wallet) by impersonating Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, or OneKey.

By: Tech Desk | Pune |
March 29, 2022 1:48:10 pm
Cryptocurrencies can give a high rate of return, but they are equally susceptible to cyber attacks. (Photo Credit: Pixabay)

The influx of new investors in the crypto space has given cyber criminals new opportunities to target unsuspecting individuals. Security researchers with Eset have uncovered 40 copycat versions of well-known cryptocurrency wallets. These fake wallet apps carry trojans engineered to steal all of the victim's crypto assets.


For the uninitiated, a crypto wallet is where all your cryptocurrency lies. This includes your tokens or coins, and non-fungible tokens (NFTs) too. A crypto wallet can be accessed via something called a seed phrase, which is the equivalent of a password or passcode. Hackers want to obtain this seed phrase without authorisation, because once they have it they can steal all your crypto assets.

Distribution channel: Telegram, websites

Telegram is a widely used messaging platform. But it has also become a hub for pirated files and documents, and a favourite place for crypto enthusiasts to receive updates about an upcoming airdrop, token, or NFT. Now the messaging platform is also being used by hackers to promote malicious copies of crypto wallets.


“We assume these groups were created by the threat actor behind this scheme looking for further distribution partners, suggesting options such as telemarketing, social media, advertisement, SMS, third-party channels, fake websites etc,” Eset researchers said in a blog post. It is worth noting that all the identified groups were communicating in Chinese.

These Telegram groups serve as a distribution channel. Any person distributing this malware is offered a 50 per cent commission on the stolen contents of the wallet, as per the Eset researchers.

Besides Telegram channels, the malicious wallets were also being distributed through two legitimate websites targeting users in China. On these websites, in the category "Investment and financial management", researchers found up to six articles promoting mobile cryptocurrency wallets via copycat websites, leading users to download malicious mobile applications claiming to be legitimate and reliable. These posts abuse the names of legitimate cryptocurrency wallets such as imToken, Bitpie, MetaMask, TokenPocket, OneKey, and Trust Wallet.

Targeting Android and iOS users

Hackers seem to target Android and iOS users differently. On Android, hackers target new cryptocurrency users who do not yet have a legitimate wallet application installed on their devices. This means if the official wallet is already installed on an Android smartphone, the malicious app can’t overwrite it because the key used to sign the counterfeit app is different from the legitimate application. That is the standard security model of Android apps, where non-genuine versions of an app can’t replace the original.

However, on iOS, the victim can have both versions installed – the legitimate one from the App Store and the malicious one from a website.
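The Android signing model described above can be checked by hand before sideloading: the script below (an added example, not code from Eset or this article) takes the output of `apksigner verify --print-certs` from the Android SDK build-tools and compares the signer-certificate SHA-256 digest with the fingerprint a wallet vendor publishes. The expected fingerprint is a constructed placeholder, not any real vendor's value.

```shell
#!/bin/sh
# Added example (not from the article or ESET). A package signed with a key other
# than the genuine developer's cannot replace the installed app on Android; this
# check applies the same idea before a fresh install, by comparing the APK's
# signer-certificate SHA-256 digest with a pinned fingerprint.
# Assumption: apksigner (Android SDK build-tools) is on PATH for check_apk only;
# verify_signers works on apksigner's text output and needs no SDK.

# Print each "Signer #N certificate SHA-256 digest" value, lower-cased, one per line.
extract_sha256() {
    # reads apksigner output on stdin
    awk -F': ' '/certificate SHA-256 digest:/ { print tolower($2) }'
}

# verify_signers <expected_sha256>: reads apksigner output on stdin.
# Succeeds only when exactly one signer is present and it matches the pin.
verify_signers() {
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ':')
    digests=$(extract_sha256)
    count=$(printf '%s\n' "$digests" | grep -c . || true)
    [ "$count" -eq 1 ] || { echo "expected 1 signer, found $count" >&2; return 1; }
    [ "$digests" = "$expected" ] || { echo "signer mismatch: $digests" >&2; return 1; }
    echo "signer matches pinned fingerprint"
}

# check_apk <file.apk> <expected_sha256>: run apksigner and verify its output.
check_apk() {
    apksigner verify --print-certs "$1" | verify_signers "$2"
}
```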

Eset researchers have advised users to download and install apps only from official sources, such as the Google Play store or Apple's App Store. For iOS devices, downloading apps only from the official App Store, being especially cautious about accepting configuration profiles, and avoiding a jailbreak are the most advisable prevention recommendations.
