Security Experts Blow the Top off Mobile Wallet App Scam Targeting Chinese Users

Share Article
In Brief
  • New wallet scam spoofs apps from reputable vendors to steal seed phrases.

  • The apps affected Android and Apple devices.

  • The hack seems to have targeted Chinese users via Telegram.

  • promo

    Deposit and make your first trade for up to $3,000 in rewards Get Started Now!

The Trust Project is an international consortium of news organizations building standards of transparency.

Cybersecurity researchers at Slovak cybersecurity firm ESET have peeled back the layers of a sophisticated cryptocurrency scam targeting Chinese users.

The scammers created counterfeits of legitimate Android and iOS digital wallet applications to redirect cryptocurrency funds. “These malicious apps were able to steal victims’ secret seed phrases by impersonating Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, or OneKey,” reported senior researcher at Slovak cyber security firm ESET, Lukáš Štefanko. Trojan horse apps targeted Android users without a genuine app. In contrast, iOS users could have installed authentic and counterfeit apps.

The counterfeit wallet services were promoted via fake wallet websites targeting Chinese users and recruiting intermediaries through Telegram and Facebook groups to dupe visitors into downloading the app.

When did it start?

Investigations beginning in May 2021 revealed a single criminal group as the individuals responsible for creating “trojan horse” wallet services that copied the functionality of the original applications, incorporating malicious code responsible for redirecting crypto assets. The malicious code was injected into the app in places that would escape cursory examination.

“These malicious apps also represent another threat to victims, as some of them send secret victim seed phrases to the attackers’ server using an unsecured HTTP connection,” said Štefanko. This presents a secondary threat since other criminals eavesdropping on this unsecured link could steal the seed phrases.

Hack can spread, warns expert

ESET found multiple groups promoting the trojan horse applications on Telegram, the messaging application and sharing them on 56 Facebook groups. All communication on the Telegram groups was done in Chinese. Individuals promoting these applications were promised a 50% cut of the stolen crypto.

The fake iOS applications were not available on the Apple App Store but rather through malicious sites and used configuration profiles unauthorized by Apple. Thirteen fake Android apps masquerading as Jaxx Liberty Wallet on Google’s Play Store were removed from the marketplace by Jan. 2022, not before being installed over 1000 times. Štefanko said the apps tried to steal the user’s recovery seed phrase and then forward them to a server or a Telegram group.

ESET warns users of the possibility of the hack affecting other parts of society. “Moreover, it seems that the source code of this threat has been leaked and shared on a few Chinese websites, which might attract various threat actors and spread this threat even further,” Štefanko added.

What do you think about this subject? Write to us and tell us!

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

David is an electronic engineer with nine years of experience. He joined BeInCrypto to combine his passion for writing and his interest in fast-moving industries, cultivated from his university days. He hopes to make crypto easy to understand.

Follow Author

Make your first deposit and trade now to earn up to $3,000 in rewards!      

Join

UUEX airdrop: Sign up to get 50 USDT, you can Withdraw to Wallet

Sign up

Poloniex Space Traveller Program: Sign up to get 30 USDT.

Get now