ESET reveals a trojan crypto wallet scheme, bans 13 apps in the Google Play store

The digital market is growing quickly, and the prices of cryptocurrencies such as Bitcoin and Ethereum are increasing daily. Unfortunately, cybercrime aimed at scamming cryptocurrency users has increased as well.

In 2021, a trojan app disguised as a crypto wallet was rumored to be operating, scamming mainly Chinese users through social media groups and fake websites.

According to a Kaspersky Lab report, the CryptoShuffler Trojan steals up to 23 BTC, worth $140,00, from wallets by replacing the wallet address in the clipboard of the user's device with its own. This group also uses social media platforms to circulate the fake app: according to ESET, dozens of Telegram groups advertise fake apps, which are also carried by 56 other Facebook groups.
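A defender-side illustration of the clipboard substitution described above, added here and not taken from Kaspersky's or ESET's reports: it validates legacy Base58Check Bitcoin addresses and flags a clipboard history in which one valid address is replaced by a different one within a short window. The function names, the 2-second window and the sample addresses (built from made-up hashes) are assumptions for the example.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}")

def checksum(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version, hash160):
    raw = bytes([version]) + hash160
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def is_btc_address(text):
    # Legacy Base58Check only: shape check, then verify the 4-byte checksum.
    if not ADDR_RE.fullmatch(text):
        return False
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(text) - len(text.lstrip("1"))) + body
    return len(raw) == 25 and checksum(raw[:21]) == raw[21:]

def find_swaps(events, window=2.0):
    # events: (seconds, clipboard_text) in time order. Assumption: a valid address
    # replaced by a different valid one within `window` s is not a manual re-copy.
    alerts, prev = [], None
    for t, text in events:
        text = text.strip()
        valid = is_btc_address(text)
        if valid and prev and text != prev[1] and t - prev[0] <= window:
            alerts.append((t, prev[1], text))
        prev = (t, text) if valid else None
    return alerts

# Constructed sample data: b58check_encode builds addresses from made-up hashes.
USER_ADDR = b58check_encode(0x00, bytes(range(1, 21)))
OTHER_ADDR = b58check_encode(0x00, bytes(range(101, 121)))
SAMPLE = [(0.0, "meeting notes"), (10.0, USER_ADDR), (10.3, OTHER_ADDR),
          (60.0, "hello"), (90.0, USER_ADDR), (200.0, OTHER_ADDR)]

if __name__ == "__main__":
    for t, old, new in find_swaps(SAMPLE):
        print(f"t={t}s clipboard address changed: {old} -> {new}")
```

The checksum test matters because it separates a mistyped address, which fails validation, from a substituted one, which is a fully valid address that simply is not the one the user copied.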

According to the discovery made by ESET, a cyber security firm, 13 malware apps target websites and imitate genuine crypto wallets, including MetaMask and Coinbase. Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey were among the others. On its end, the Google Play store has removed the apps impersonating the Jaxx Liberty wallet, which 1,100 unknown users have downloaded, though the fake app may still be hiding on other social media platforms and websites.

Malware researcher Lukas Stefanko stated that other threat vectors include forwarding seed phrases to the attacker's server through an illegal connection. He added that "this means that the victims' funds could not only be stolen by the operator of the scheme but also by a different attacker eavesdropping on the same network."

It is publicly known that this malware works differently depending on where the fake wallet apps are installed. It targets a new cryptocurrency that the owner has not traded before, prompting the user to download the appropriate wallet on Android. On iOS, however, the app can be downloaded using an arbitrary, trusted code-signing certificate to avoid Apple's App Store. The user can have both a real app and a fake one downloaded.

The ESET research team urges cryptocurrency investors and traders to be careful and to download only from trusted sources linked to the official website of the company or crypto exchange.

Google Cloud has introduced a cryptojacking detection service called Virtual Machine Threat Detection (VMTD), which identifies malware that uses resources to mine digital currency.

Voice Of Crypto
voiceofcrypto.online