Risk Assessments/Management, Breach, Threat Management, Threat Management, Endpoint/Device Security, Security Architecture

Crypto wallet spoofing apps target mobile users

ZDNet reports that more than 40 websites have been impersonating widely used cryptocurrency websites to lure Android and iOS users into downloading fake cryptocurrency wallet apps with trojan malware aimed at exfiltrating cryptocurrency. Threat actors behind the campaign have not only been leveraging online advertising and crypto- and blockchain-related website posts but also using the Telegram messaging app to distribute the malware, an ESET report revealed. The report also showed that malware-distributing affiliates could be given up to 50% commission based on the amount exfiltrated from successfully compromised cryptocurrency wallets. "We would like to appeal to the cryptocurrency community, mainly newcomers, to stay vigilant and use only official mobile wallets and exchange apps, downloaded from official app stores that are explicitly linked to the official websites of such services, and to remind iOS device users of the dangers of accepting configuration profiles from anything but the most trustworthy of sources," said ESET researcher Lukáš Štefanko.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.