The research firm said it found “dozens” of iOS and Android apps in 2021, with some of them mimicking the appearance of popular apps like Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, or OneKey (via Android Police). Once the apps were installed, the attackers could steal users’ seed phrases, giving the attackers access to the victims’ crypto wallets. To make the operation seem legitimate, the attackers even placed ads for these malicious apps on various websites. Additionally, the attackers spread the news about these fake crypto apps on platforms like Facebook and Telegram. More crucially, ESET said it found vulnerabilities on the attackers’ servers leading to data being sent over insecure connections. This means the data could theoretically be accessed by people other than the cyberattackers. It’s important to note that a large portion of this malware impacted users in China. However, the malicious apps were also briefly available on the Play Store, suggesting the malware has likely spread beyond China.
Google removed 13 apps on the Play Store impersonating a popular crypto wallet app
ESET reports that the code used to develop these malicious apps is already online, so users need to be on guard while installing crypto apps on their devices. Based on the information provided by ESET, Google has removed 13 apps on the Play Store that mimicked the Jaxx Liberty Wallet app. The best way to avoid falling into the trap is to ensure you’re downloading the app from official sources. Crypto wallets usually have their own dedicated website, which can be found with a quick Google Search. We also recommend checking out the reviews and ratings for a crypto app you’re trying to download. If a popular crypto app doesn’t have enough user ratings, it’s probably not the real deal. This isn’t the first instance of cyber attackers trying to steal users’ financial info via deceit, and it probably won’t be the last time.