Security News > 2022 > June > Hackers clone Coinbase, MetaMask mobile wallets to steal your crypto
In a recent report, Confiant notes that the malicious cryptocurrency apps are identical to the real ones but they come with a backdoor that can steal the users' security phrase for accessing the digital assets.
Confiant analysts reversed engineer the apps to figure out how SeaFlower authors had planted the backdoors and found similar code in all of them.
For the MetaMask app on iOS, the backdoor code is activated upon generating the seed phrase and before it is stored in an encrypted form.
The backdoor code wasn't as diligently hidden in the Android variants malicious apps, and the researchers could access more of their functions without much effort.
Injecting react native bundles is definitely something new in the backdoors world, it has to do with metamask being a react native app.
To protect against these sneaky threats, cryptocurrency users should download wallet applications only from trusted sources, such as official app stores or from the developer's website.