Modified Android and iOS e-wallets target cryptocurrencies » PACA Economic and Political Newsletter

ESET Research has discovered a sophisticated mechanism for distributing trojanized Android and iOS apps that mimic popular cryptocurrency wallets.

40 websites offer modified Android and iOS e-wallets that target users' cryptocurrency holdings.

The price of Bitcoin (€20,558.07) has fallen by around 69% from its all-time high about seven months ago. For cryptocurrency investors, this may be the time to panic and withdraw their funds; for newcomers, it may be the opportunity to buy. If you belong to either group, you should choose carefully which mobile application you use to manage your funds.

ESET Research has identified over 40 websites that mimic popular cryptocurrency wallets. These websites target mobile users only and offer them rogue app downloads. The main purpose of such apps is to steal user funds. Although the attacks to date have mainly targeted Chinese users, we expect these techniques to spread to other markets given the popularity of crypto assets.

ESET was able to track the distribution vector of these trojanized cryptocurrency wallets, including several Telegram groups. We assume that these groups were created by the developer to recruit accomplices to spread the malware. They suggest telemarketing operations, social media campaigns, advertisements or SMS messages as ways to disseminate the modified wallets. According to the information gathered in these groups, a person who distributes the malware is offered a 50% commission on the stolen funds.

Behavior differences on iOS and Android

The malicious application behaves differently depending on the operating system on which it is installed. On Android, it appears to target new cryptocurrency users. The trojanized wallets have the same package name as the legitimate apps; however, they are signed with a different certificate. On iOS, the victim can have both versions installed, the legitimate one from the App Store and the malicious one from a website, because they do not share the same Bundle ID.

For Android devices, the sites offered a direct download of the malicious app from their own servers even when the user clicked the “Download from Google Play” button. Once downloaded, the application must be installed manually by the user. As for iOS, these malicious applications are not available on the App Store; they must be downloaded and installed using configuration profiles, which add an arbitrary trusted code-signing certificate.
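As an added example (not ESET's code and not from the article), the check that follows from the Android observation above: read the v1 (JAR) signer certificate out of an APK with the Python standard library only and compare its SHA-256 fingerprint with the legitimate publisher's pinned value, so a package with the right name but the wrong certificate is flagged. The sample APK and its certificate are constructed placeholders, and PINNED is a placeholder for the real publisher fingerprint; APKs signed only with v2/v3 keep their certificates in the APK Signing Block instead, so use apksigner for those.

```python
import hashlib, io, zipfile

def der_read(data, pos=0):
    """Decode one DER TLV at pos -> (tag, value, end); handles long-form lengths."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def der_items(value):
    """Yield (tag, value, raw_tlv) for each child of a constructed DER value."""
    pos = 0
    while pos < len(value):
        tag, val, end = der_read(value, pos)
        yield tag, val, value[pos:end]
        pos = end

def certs_from_pkcs7(blob):
    """Raw DER certificates in a PKCS#7 SignedData blob (the META-INF/*.RSA file)."""
    _, content_info, _ = der_read(blob)                  # ContentInfo ::= SEQUENCE {oid, [0] SignedData}
    _, signed_data, _ = der_read(list(der_items(content_info))[1][1])
    for tag, val, _ in der_items(signed_data):
        if tag == 0xA0:                                  # certificates [0] IMPLICIT SET OF Certificate
            return [raw for t, _, raw in der_items(val) if t == 0x30]
    return []

def fingerprint(cert_der):
    return hashlib.sha256(cert_der).hexdigest()

def signer_fingerprints(apk_bytes):
    """SHA-256 fingerprints of every v1 (JAR) signer certificate in the APK."""
    fps = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name.startswith("META-INF/") and name.upper().endswith((".RSA", ".DSA", ".EC")):
                fps.update(fingerprint(c) for c in certs_from_pkcs7(z.read(name)))
    return fps

def is_signed_by(apk_bytes, pinned):
    """True only if the APK's v1 signer set is exactly the publisher's pinned fingerprint."""
    return signer_fingerprints(apk_bytes) == {pinned}

# Constructed sample: a DER stand-in for a certificate, wrapped in a minimal SignedData
def der(tag, payload):                                   # short-form encoder, sample only
    return bytes([tag, len(payload)]) + payload
FAKE_CERT = der(0x30, der(0x02, b"\x01") + der(0x0C, b"CN=unknown-signer"))
SAMPLE_PKCS7 = der(0x30, der(0x06, bytes.fromhex("2A864886F70D010702"))  # id-signedData OID
    + der(0xA0, der(0x30, der(0x02, b"\x01") + der(0x31, b"") + der(0x30, b"") + der(0xA0, FAKE_CERT))))
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _z:
    _z.writestr("META-INF/CERT.RSA", SAMPLE_PKCS7)
SAMPLE_APK = _buf.getvalue()
PINNED = "<sha256-of-the-legitimate-publisher-cert>"    # placeholder: pin the real value here
```

On a real APK, `is_signed_by(open("wallet.apk", "rb").read(), PINNED)` returns False for a repackaged build even though its package name matches.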

At the request of ESET, a partner in the Google App Defense Alliance, Google removed 13 malicious apps from the Google Play Store in January 2022 that were posing as the legitimate Jaxx Liberty Wallet app; they had been installed more than 1,100 times. One of the apps on this list used a fake website mimicking the Jaxx Liberty site as its delivery vehicle.

Malware prevention and uninstallation

– ESET researchers advise users to download and install applications from official sources only.

– Use a reliable mobile security solution on Android.

– On an iOS device, do not install applications from outside the official App Store, and be extremely vigilant about attempts to install additional profiles that allow the installation of third-party software.

ESET would like to invite the community of cryptocurrency users, mainly newcomers, to remain vigilant and only use official wallets and apps downloaded from official app stores.

About ESET:

Specializing in the design and development of security software for businesses and the general public, ESET is today the leading publisher of endpoint security software in the European Union.

For more information: https://
