(Insidebitcoins) Cybersecurity researchers at ESET have uncovered a mobile wallet app scam that targets Chinese users. According to the researchers, the scammers created fake iOS and Android digital wallet apps to redirect cryptocurrency funds.
The bogus apps are designed to look genuine, making it easier for users to fall prey to the scam. The hackers made sure that the fake apps they created function exactly like the originals to make them look more convincing.
The Scammers Are Impersonating Major Apps
The malicious apps impersonated companies like TokenPocket, MetaMask, imToken, Trust Wallet, and Coinbase to steal victims’ secret seed phrases.
The scammers recruited intermediaries through Facebook groups and Telegram to deceive their targets into downloading the app. These fake wallet services were promoted through counterfeit wallet websites targeting most Chinese users, according to the researchers.
The cybersecurity team revealed that its investigation about the scammers started in May 2021. It revealed that a single individual group is responsible for the campaign. The scammer created “trojan horse” wallet services that impersonated the functionality of genuine applications.
They incorporated malicious code used for redirecting crypto-assets into the fake app. However, the scammers place the malicious code in the app in an area where they will circumvent security software. As a result, they can stay hidden within the victim’s system for a long time without being discovered.
The Malicious App Also Poses A Secondary Threat
The malicious app is also dangerous in other aspects, as they are capable of sending seed phrases to the C2 server of the attacker using an unsecured HTTP connection.
It means that apart from the primary threat, other cybercriminals could get hold of the code, which represents a secondary threat.
This means that users can suffer multiple attacks not only by the original scammer but by other different attackers eavesdropping on the same network. The researchers also said they discovered 13 malicious apps on the Google Play store that imitate the Jaxx Liberty wallet.