Cyber criminals are attempting to stealing cryptocurrency from Android and iPhone users by luring them into downloading malicious apps posing as cryptocurrency wallet services.
Cybersecurity researchers at ESET have identified over 40 copycat websites designed to look like those of popular cryptocurrency websites, but which actually trick users into downloading fake versions of the apps containing trojan malware. New cryptocurrency users appear to be targeted in particular. The websites are specifically designed to target mobile users and lure them into downloading the malware.
The attackers use online advertising, posted to legitimate cryptocurrency and blockchain related websites, to direct traffic to the malicious cryptocurrency wallet downloads.
Those behind the attacks – who researchers note communicate in Chinese – also use messaging app Telegram to search for affiliates to help spread the malware, with some of these links also being shared in Facebook groups, complete with step-by-step video tutorials on how the fake wallets work and how to steal cryptocurrency from victims.
Affiliates who help distribute the malware can be offered as much as 50% commission on the stolen contents of cryptocurrency wallets which are successfully compromised.
The malware works differently depending on whether the victim is an iOS or Android user. On Android