Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users (Security News, June 2022)

A technically sophisticated threat actor tracked as SeaFlower has been targeting Android and iOS users in an extensive campaign that clones official cryptocurrency wallet websites in order to distribute backdoored wallet apps that drain victims' funds.
"As of today, the main current objective of SeaFlower is to modify Web3 wallets with backdoor code that ultimately exfiltrates the seed phrase," Confiant's Taha Karim said in a technical deep-dive of the campaign.
Targeted apps include Android and iOS versions of Coinbase Wallet, MetaMask, TokenPocket, and imToken.
SeaFlower's modus operandi is to set up cloned websites that serve as the download point for trojanized versions of the wallet apps. The trojanized builds are virtually unchanged from the legitimate apps, except for added code that exfiltrates the seed phrase to a remote domain under the attacker's control.
On iOS, the campaign relies on provisioning profiles so that the trojanized apps can be sideloaded onto devices outside the App Store.
Victims are steered to these sites through SEO poisoning on Chinese search engines such as Baidu and Sogou: searches for terms like "Download MetaMask iOS" are rigged so that the drive-by download pages surface at the top of the results.
News URL
https://thehackernews.com/2022/06/chinese-hackers-distribute-backdoored.html
Related news
- US charges Chinese hackers linked to critical infrastructure breaches
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
- Chinese Weaver Ant hackers spied on telco network for 4 years
- Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years
- Chinese FamousSparrow hackers deploy upgraded malware in attacks
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks
- iOS devices face twice the phishing attacks of Android
- SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool