ZDNet reports that more than 40 websites have been impersonating widely used cryptocurrency websites to lure Android and iOS users into downloading fake cryptocurrency wallet apps with trojan malware aimed at exfiltrating cryptocurrency.
Threat actors behind the campaign have not only been leveraging online advertising and crypto- and blockchain-related website posts but also using the Telegram messaging app to distribute the malware, an ESET report revealed.
The report also showed that malware-distributing affiliates could be given up to 50% commission based on the amount exfiltrated from successfully compromised cryptocurrency wallets.
"We would like to appeal to the cryptocurrency community, mainly newcomers, to stay vigilant and use only official mobile wallets and exchange apps, downloaded from official app stores that are explicitly linked to the official websites of such services, and to remind iOS device users of the dangers of accepting configuration profiles from anything but the most trustworthy of sources," said ESET researcher Lukáš Štefanko.