Bratislava – Cyber security firm ESET has discovered a malicious scheme that spreads Trojan applications disguised as popular cryptocurrency wallets.
The malicious scheme targets Android and iOS mobile devices, which can be hacked if users download fake apps.
A Trojan horse is malicious software that can enter a user’s computer or device by attacking a server site.
According to an ESET investigation, these malicious apps will spread across fake web sites and will masquerade as legitimate crypto wallets, including MetaMask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken and OneKey.
ESET was launched from cointelegraph.com, where it discovered 13 malicious Trojan applications mimicking the Jaxx Liberty wallet.
This trojan app was available in the Google Play Store, before Google removed this app because it was considered infringing.
However, there are many malicious Trojan horse applications that are rumored to be circulating on other websites and social media platforms.
In May 2021, Slovakia-based ESET claimed to have discovered dozens of Trojan applications that pretended to be cryptocurrency wallets.
The company also said the scheme was believed to be the work of a group targeting consumers from China.
Lukáš Tefanko, a researcher at ESET, revealed that funds in the victim’s crypto wallet could not only be stolen by the operator of the scheme but also by other attackers.
“This means that the victim’s money can be stolen not only by the operator of the scheme but also by other attackers who eavesdropped on the same network,” Tivanko said.
ESET advises investors and traders of crypto assets to install portfolios from trusted sources that are linked to the official website of the exchange or company.
Last month, Google Cloud launched a Virtual Machine Threat Detection (VMTD) system, which scans and detects “cryptojacking” malware, which can seize resources to mine digital assets. According to a January report by software company Chainalysis, crypto accounted for 73 percent of the total value received by malware -related wallets and addresses between 2017 and 2021.