Doctor Web has warned about the spread of Trojans designed to steal cryptocurrencies from mobile device owners.
Malicious applications steal secret seed phrases that are needed to access crypto wallets. According to experts, users of both Android-based devices and Apple iOS-based smartphones are at risk.
Detected Trojan applications hide in hacker-modified versions of popular crypto wallets. Currently, experts have tracked cases of malicious code injection into copies of applications such as imToken, MetaMask, Bitpie and TokenPocket, but this list may be wider.
Dr.Web detects the known modifications of these threats as Trojans from the Android.CoinSteal and IPhoneOS.CoinSteal families. Among them are Android.CoinSteal.7, Android.CoinSteal.8, Android.CoinSteal.10, IPhoneOS.CoinSteal.1, IPhoneOS.CoinSteal.2, IPhoneOS.CoinSteal.3 and others.
Trojan versions of crypto wallets are distributed through malicious sites that copy the appearance and functionality of the original web resources of the respective projects. The addresses of such sites are also as close as possible to the real ones.
Depending on the type of device from which the fake sites are visited, users are prompted to download and install the version of the wallet for the respective platform – Android or iOS. Trojan versions for Android are most often downloaded directly from the visited malicious resource. Owners of iOS devices, in turn, are usually redirected to another site designed in the style of the official Apple application catalog.
Although installation of software from third-party sources is prohibited or disabled by default on both operating systems, it is still possible. On Android devices, it is enough to enable the necessary option in the system settings. On Apple devices, fraudsters use the installation mechanism based on special configuration profiles and provisioning profiles. A jailbreak of the device is not required for installation.
Since Trojans are copies of real applications with minimal modifications, they work exactly like the originals, and it is almost impossible to distinguish them from each other by external signs.
“Alien” and “Predator” hunt for Android smartphones. Details about the new spyware
Android users have been targeted by a new spyware called Alien that can download malware or the Predator virus. The spyware was allegedly developed by Cytrox in North Macedonia.
Google claims that several exploits, which collectively fall under the Alien spyware category, were sold by Cytrox to various government-backed groups. Citizen Lab, an online security research company, has also discovered several attacks, and Google claims they are all related to Alien spyware.
Google claims that zero-day exploits based on Alien spyware are used alongside some older exploits. It appears that malware developers are actively trying to take advantage of the time difference between when some critical bugs were fixed but not flagged as security issues and when those fixes were fully rolled out to the Android ecosystem.
The virus spreads mainly through email. Victims receive email messages with suspicious links. Following a link redirects the victim to a website that installs malware.
The virus can potentially record audio, hide applications, and perform a number of other actions. Google claims to have sent out patches to fix the vulnerabilities. However, it is important that Android users remain cautious when opening emails from unfamiliar sources. Also, email users should never click on links embedded in emails without first verifying the identity of the sender.