Modified electronic wallets for Android and iOS target cryptocurrencies » PACA's economic and political newsletter

ESET Research has discovered a sophisticated mechanism for distributing Trojanized Android and iOS apps that mimics popular cryptocurrency wallets.

40 sites offer modified Android and iOS e-wallets that target users' cryptocurrencies.

The price of Bitcoin (€ 20,558.07) has fallen about 69% from its record high about seven months ago. For investors in cryptocurrency, this may be a time to panic and withdraw their money, or for newcomers to jump at the chance and buy cryptocurrency. If you belong to one of these groups, you should carefully choose which mobile application you want to use to manage your money.

ESET Research has identified over 40 websites that mimic popular cryptocurrency wallets. These sites target mobile users only and offer them malicious apps to download. The main purpose of these apps is to steal the user's funds. Although the attacks to date have mainly targeted Chinese users, we expect these techniques to spread to other markets, given the popularity of cryptocurrencies.

ESET was able to track the distribution vector of these Trojanized cryptocurrency wallets, including several Telegram groups. We assume that these groups were created by the developer to recruit accomplices to spread the malware. Recruits are encouraged to spread the modified wallets through telemarketing, social media campaigns, advertising or SMS operations. According to information gathered in these groups, a person distributing the malware is offered a 50% commission on the stolen wallet contents.

Differences in behavior on iOS and Android

The malicious program behaves differently depending on the operating system on which it is installed. On Android, it seems to target new cryptocurrency users. The Trojanized wallets have the same package name as the legitimate apps; however, they are signed with a different certificate. On iOS, the victim may have both versions installed – the legitimate one from the App Store and the malicious one from a website – because they do not share the same bundle ID.

For Android devices, the sites offered a direct download of the malicious app from their own servers, even when the user clicked the "Download from Google Play" button. Once downloaded, the application must be installed manually by the user. As for iOS, these malicious apps are not available in the App Store; they must be downloaded and installed using configuration profiles that add an arbitrary code-signing certificate to the device's list of trusted certificates.
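A defender-side check for the Android trait described above (a known wallet's package name signed by a different certificate), added here as an example; it is not part of ESET's research or tooling. The package name, fingerprints and apksigner output below are constructed placeholders, not real values.

```python
import re

# Constructed allowlist: package name -> legitimate signer SHA-256 fingerprints.
# Both values are placeholders; obtain real ones from the vendor or from a
# Play-installed copy with `apksigner verify --print-certs <apk>`.
KNOWN_WALLET_SIGNERS = {
    "com.example.wallet": {"aa" * 32},
}

# Constructed `apksigner verify --print-certs` output for a sideloaded copy
# whose signer does not match the allowlist.
SAMPLE_APKSIGNER_OUTPUT = (
    "Signer #1 certificate DN: CN=Unknown, O=Unknown\n"
    "Signer #1 certificate SHA-256 digest: " + "bb" * 32 + "\n"
    "Signer #1 certificate SHA-1 digest: " + "cc" * 20 + "\n"
)


def normalize_fingerprint(fp: str) -> str:
    """Accept keytool style 'AA:BB:...' or apksigner style 'aabb...' and
    return lowercase hex with no separators, so both forms compare equal."""
    digest = re.sub(r"[^0-9a-fA-F]", "", fp).lower()
    if len(digest) != 64:
        raise ValueError(f"not a SHA-256 fingerprint: {fp!r}")
    return digest


def parse_apksigner_output(text: str) -> list[str]:
    """Extract every verified signer's SHA-256 digest from apksigner output."""
    found = re.findall(r"certificate SHA-256 digest:\s*([0-9a-fA-F:]{64,95})", text)
    return [normalize_fingerprint(f) for f in found]


def classify(package: str, signers: list[str]) -> str:
    """'ok': every verified signer is allowlisted for this package.
    'spoofed': a known wallet package name with an untrusted (or no) signer,
               the pattern described in the article.
    'unknown': package name not in the allowlist, so no verdict."""
    expected = KNOWN_WALLET_SIGNERS.get(package)
    if expected is None:
        return "unknown"
    normalized = [normalize_fingerprint(s) for s in signers]
    if normalized and all(n in expected for n in normalized):
        return "ok"
    return "spoofed"


def find_spoofed(inventory: list[tuple[str, list[str]]]) -> list[str]:
    """Return package names from a (package, signers) inventory that look spoofed."""
    return [pkg for pkg, signers in inventory if classify(pkg, signers) == "spoofed"]
```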

At the request of ESET, as a Google App Defense Alliance partner, Google removed in January 2022 13 malicious apps found in the Google Play Store that impersonated the legitimate Jaxx Liberty Wallet app; they had been installed more than 1,100 times. One of the apps on this list used a fake website mimicking Jaxx Liberty as its delivery vehicle.

Prevention and uninstallation of malware

– ESET researchers advise users to download and install apps only from official sources.

– Use a reliable mobile security solution on Android.

– On an iOS device, do not install applications from outside the official app store, and be extremely wary of any attempt to install additional profiles that allow third-party software to be installed.

ESET would like to encourage the community of cryptocurrency users, primarily newcomers, to remain vigilant and use only official wallets and apps downloaded from official app stores.

About ESET:

ESET specializes in the design and development of security software for companies and the general public and is today the leading publisher of endpoint security software in the EU.

For more information: https://www.eset.com/fr/
