Recent research by cybersecurity company ESET revealed a “sophisticated scheme” that distributes trojanized applications disguised as popular crypto wallets.
The malicious method targets mobile phones running on the Android or Apple (iOS) operating systems, which can be infected if the user downloads a phony application.
ESET’s research reveals that the malicious programs imitate real crypto wallets such as MetaMask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey and are disseminated through fraudulent websites.
The firm also uncovered 13 malicious apps on the Google Play Store that imitated the Jaxx Liberty wallet. Google has subsequently removed the infringing apps, which had been installed over 1,100 times, but many more are still hiding on other websites and social media platforms.
The threat actors spread their wares using Facebook and Telegram groups with the goal of stealing crypto assets from their victims. Since May 2021, ESET claims to have discovered “dozens of trojanized cryptocurrency wallet apps.” It also noted that the scheme, which it believes is the work of a single group, was largely aimed at Chinese users through Chinese websites.
Before this, a report by Chainalysis revealed that cryptojacking accounted for 73% of the total value collected by malware-associated addresses between 2017, and a low profile malware is stealing millions of funds.
ESET uncovered more than 40 copycat websites of popular crypto wallets that behave differently depending on the operating system they are installed on.
Lukáš Štefanko, who led the team that unraveled the scheme, said there were also other threat vectors, such as seed phrases being sent to the attacker’s server over unsecured networks, adding:
“This means that victims’ funds could be stolen not only by the operator of this scheme but also by a different attacker eavesdropping on the same network.”
ESET urges cryptocurrency users and traders to only download wallets from reputable sources that are associated with the exchange or firm’s official website.
As TheCoinRise reported, Google Cloud announced the Virtual Machine Threat Detection system in February, which scans for and detects “cryptojacking” malware that consumes resources to mine digital currencies.