Need a wallet for your cryptocurrencies, beware of this malware


The price of bitcoin (€20,558.07) is down about 69% from its all-time high about seven months ago. For cryptocurrency investors, this could be the time to panic and withdraw their funds, or for newcomers to jump at the chance and buy cryptocurrency at an attractive price. If you belong to one of these groups, you should carefully choose which mobile application to use to manage your funds.

ESET Research has identified over 40 websites spoofing popular cryptocurrency wallets. These websites target only mobile users and offer them malicious wallet apps to download. ESET was able to trace the distribution vector of these trojanized cryptocurrency wallets, as well as the creation of several Telegram groups that started looking for affiliate partners. Shortly after, ESET found that these Telegram groups were shared and promoted in at least 56 Facebook groups with the same goal: to find more distribution partners.

Differences in behavior on iOS and Android

The malicious application behaves differently depending on the operating system on which it is installed. On Android, it seems to target new cryptocurrency users who do not yet have a legitimate wallet app installed on their devices. The trojanized wallets have the same package name as the legitimate applications but are signed with a different certificate, and Android refuses to install a package over an existing one with the same name but a different signing certificate, so the malicious build can only land on a device where the genuine app is absent. On iOS, the victim can have both versions installed, the legitimate one from the App Store and the malicious one from a website, because the two do not share the same Bundle ID.
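The "same package name, different certificate" trait described above is exactly what a certificate-pinning check catches. The following is an added example, not code from ESET or from the report: it parses constructed sample output in the format of `aapt dump badging` and `apksigner verify --print-certs` (both standard Android SDK tools) and compares the signer's SHA-256 digest with a placeholder allowlist of the publisher's known-good certificates, which you would fill in from a copy of the app obtained from the official store.

```python
import re

# Constructed sample tool output (hypothetical package name and digests,
# not values from the report). Line formats follow the real tools.
SAMPLE_BADGING = "package: name='com.example.wallet' versionCode='42' versionName='2.1.0'\n"
SAMPLE_CERTS = (
    "Signer #1 certificate DN: CN=Unknown, O=Unknown\n"
    "Signer #1 certificate SHA-256 digest: " + "11" * 32 + "\n"
    "Signer #1 certificate SHA-1 digest: " + "22" * 20 + "\n"
)

# Placeholder allowlist (assumption): package name -> SHA-256 digests of the
# certificates the legitimate publisher signs with, taken from a store copy.
KNOWN_SIGNERS = {
    "com.example.wallet": {"00" * 32},
}


def parse_package_name(badging):
    """Extract the package name from `aapt dump badging` output."""
    m = re.search(r"^package: name='([^']+)'", badging, re.M)
    if not m:
        raise ValueError("no package name found in badging output")
    return m.group(1)


def parse_signer_digests(certs):
    """Collect every signer's SHA-256 certificate digest (lower-cased hex)."""
    pattern = r"certificate SHA-256 digest: ([0-9a-fA-F]{64})"
    return {d.lower() for d in re.findall(pattern, certs)}


def classify(badging, certs, allowlist=KNOWN_SIGNERS):
    """Return 'ok', 'repackaged', 'unknown-package' or 'unsigned-or-unparsed'."""
    pkg = parse_package_name(badging)
    digests = parse_signer_digests(certs)
    if not digests:
        return "unsigned-or-unparsed"
    expected = allowlist.get(pkg)
    if expected is None:
        return "unknown-package"      # no pinned certificate for this package
    if digests <= expected:           # every signer is a known publisher cert
        return "ok"
    return "repackaged"               # same package name, foreign certificate


if __name__ == "__main__":
    print(parse_package_name(SAMPLE_BADGING), "->", classify(SAMPLE_BADGING, SAMPLE_CERTS))
```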

For Android devices, the sites served the malicious app directly from their own servers even when the user clicked the “Download from Google Play” button. Once downloaded, the application must be installed manually by the user. On iOS, these malicious applications are not available on the App Store; they must be downloaded and installed using configuration profiles, which add an arbitrary trusted code-signing certificate to the device.

Findings from ESET Research

On both platforms, the downloaded apps behave like fully functional wallets. This is possible because the attackers took legitimate wallet applications and recompiled them with malicious code added. Repackaging these legitimate wallet apps had to be done manually, without automated tools. ESET Research discovered that the front-end and back-end source code, as well as the recompiled and patched mobile apps used in these malicious wallet schemes, were publicly shared on at least five Chinese websites and in a few Telegram groups in November 2021.

At the request of ESET as a Google App Defense Alliance partner, in January 2022 Google removed 13 malicious apps from the Google Play Store that posed as the legitimate Jaxx Liberty Wallet app; they had been installed more than 1,100 times. One of the apps on this list used a fake website imitating Jaxx Liberty as its delivery vehicle.

Malware prevention and uninstallation

The case of Android:

– ESET researchers frequently advise users to download and install applications only from official sources.

– A reliable mobile security solution should be able to detect this threat on an Android device (for example, ESET products detect this threat as Android/FakeWallet).

– In the case of the Google Play Store, ESET is committed to further protecting the mobile ecosystem by partnering with other security vendors and Google in the App Defense Alliance to assist in the verification of applications submitted to Google Play.

On an iOS device, the operating system allows an app to interact with other apps only in a very limited way. This is why no security solution is offered for iOS: a security app could not scan the other apps installed on the device.

In the future, we might expect this threat to expand, as cybercriminals recruit intermediaries via Telegram and Facebook groups to spread this malware further, offering them a percentage of the cryptocurrency stolen from wallets.

ESET would like to remind cryptocurrency investors, mainly newcomers, to remain vigilant and only use official mobile wallets and exchange apps, downloaded from official app stores. We would like to remind iOS device users of the dangers of accepting configuration profiles from anything but the most trusted sources.

About ESET:

Specialized in the design and development of security software for companies and the general public, ESET is today the leading endpoint security software publisher in the European Union. A pioneer in proactive detection, ESET has been named, for the second consecutive year, the only Challenger in the 2019 Gartner Magic Quadrant for Endpoint Protection Platforms*, after being evaluated on its performance and the quality of its vision in the field of endpoint protection. To date, the ESET NOD32 antivirus has held the world record for awards given by the independent laboratory Virus Bulletin since 1998. ESET technology now protects more than one billion Internet users. *Source: Gartner Inc., Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Lawrence Pingree, Dionisio Zumerle, Prateek Bhajanka, Paul Webber, August 20, 2019.

#wallet #cryptocurrencies #beware #malware