Google removes 13 apps after ESET discovers ‘trojanized’ digital currency wallets

Internet security company ESET has discovered a network of digital currency malware that is distributed via trojanized apps disguised as popular digital currency wallets.

In a recent press release, the Slovak company revealed that the sophisticated malicious digital currency scheme targets mobile devices running both Android and iOS. The attackers distributed the malicious apps through fake websites, mimicking popular wallets such as Coinbase, TokenPocket, OneKey, Trust Wallet and Metamask.

ESET first discovered the trojanized wallets in May 2021. The company described the campaign as a “sophisticated attack vector” as it involved in-depth analysis of legitimate applications allowing the insertion of the malicious code in such a way that it would be extremely difficult for security professionals to detect, while ensuring that the fake apps had the same functionality as the genuine apps.

ESET believes the fake apps were the work of a group of cybercriminals.

As the company further revealed, it had found several Telegram groups in which malicious copies of the legitimate wallets were promoted. He believes it was the criminal group behind the apps that started these groups to target a wider audience. Starting in October 2021, these groups spilled over to Facebook, and later that year they even pushed their fake wallets onto at least two legitimate Chinese websites.

The main purpose behind the malicious apps is to steal victims’ digital assets, ESET says, adding that they mainly targeted Chinese users.

Through a partnership it has with Google, ESET notified the search engine giant behind Android of the malicious apps, resulting in the removal of 13 apps believed to have been compromised by the attackers.

“These malicious apps also pose another threat to victims, as some of them send victims secret seed phrases to the attackers’ server using an insecure HTTP connection. This means that victims’ funds could be stolen not only by the operator of this scheme, but also by another attacker listening to the same network,” commented Lukáš Štefanko, the ESET researcher who discovered the scheme.

Watch: CoinGeek New York Presentation, FYI: Better Information Tools for a More Legal Blockchain Industry

New to Bitcoin? Discover CoinGeek bitcoin for beginners section, the ultimate resource guide to learn more about Bitcoin – as originally envisioned by Satoshi Nakamoto – and blockchain.

Sylvia B. Polson