Hackers clone Coinbase, MetaMask mobile wallets to steal your crypto
In a recent report, Confiant notes that the malicious cryptocurrency apps are identical to the real ones but they come with a backdoor that can steal the users' security phrase for accessing the digital assets.
Confiant analysts reverse engineered the apps to figure out how SeaFlower authors had planted the backdoors and found similar code in all of them.
For the MetaMask app on iOS, the backdoor code is activated upon generating the seed phrase and before it is stored in an encrypted form.
The backdoor code wasn't as diligently hidden in the Android variants of the malicious apps, and the researchers could access more of their functions without much effort.
Injecting React Native bundles is definitely something new in the backdoors world; it has to do with MetaMask being a React Native app.
To protect against these sneaky threats, cryptocurrency users should download wallet applications only from trusted sources, such as official app stores or from the developer's website.