Hackers clone Coinbase, MetaMask mobile wallets to steal your crypto (Security News, June 2022)

In a recent report, Confiant notes that the malicious cryptocurrency apps are identical to the real ones, but they come with a backdoor that can steal the users' security phrase for accessing the digital assets.
Confiant analysts reverse engineered the apps to figure out how the SeaFlower authors had planted the backdoors and found similar code in all of them.
For the MetaMask app on iOS, the backdoor code is activated upon generating the seed phrase and before it is stored in an encrypted form.
The backdoor code wasn't as diligently hidden in the Android variants of the malicious apps, and the researchers could access more of their functions without much effort.
Injecting React Native bundles is definitely something new in the backdoors world; it has to do with MetaMask being a React Native app.
To protect against these sneaky threats, cryptocurrency users should download wallet applications only from trusted sources, such as official app stores or from the developer's website.