ESET, the Slovakia-based internet security company known for its NOD32 antivirus software, has unveiled several crypto schemes that target mobile users.
ESET began its research into malicious crypto apps back in May of 2021, identifying highly sophisticated schemes in the blockchain industry.
The cybersecurity firm flagged several clones that were posing as popular cryptocurrency apps, specifically ones that offer digital wallet services like MetaMask, Trust Wallet, Coinbase Wallet, imToken, OneKey, TokenPocket, and BitPie.
According to ESET, the schemes work as follows: the hackers create an identical copy of the app, replicating all the services of the original to make it look legitimate, and inject malicious code into "places where it would be hard to detect."
Beyond that, hackers would post advertisements of misleading articles on websites of the legitimate crypto apps, supposedly displaying information about a certain wallet and including a hyperlink that actually redirects to a fraudulent website or app.
ESET’s research team has determined that Chinese customers were the main targets of the attack, and believes that the scheme is "the work of a criminal group." ESET researcher Lukáš Štefanko, who was the first to identify the crypto scheme, shared some details on the hack:
"These malicious apps also represent another threat to victims, as some of them send secret victim seed phrases to the attackers’ server using an unsecured HTTP connection. This means that victims’ funds could be stolen not only by the operator of this scheme, but also by a different attacker eavesdropping on the same network."
According to Štefanko, he and his team discovered and took down over a dozen malicious apps that were posing as the Jaxx Liberty digital wallet. Likewise, they’ve identified several Telegram and Facebook groups that were putting up advertisements for the fraudulent crypto apps, with the majority of them specifically targeting iOS and Android users.
This isn’t the first time that hackers have used fraudulent websites and applications to steal crypto funds. Back in February, OpenSea customers were targeted by phishing links posing as the NFT marketplace, which lured out $1.7M worth of digital assets.
Binance users were also targeted around the same time, with scammers sending out text messages to customers in the name of Binance, claiming that their crypto exchange accounts made an unauthorized withdrawal, and asking them to click a fraudulent link.