As internet usage increases, many things such as mobile applications take a more important place in our lives. Cryptocurrencies are likewise getting more and more popular and become a topic that almost everyone talks about. However, criminals in the cyber world continue to try to defraud people by taking advantage of these situations.
ESET, now an antivirus manufacturer and internet security firm, has uncovered a cryptocurrency scam targeting Android and iOS users since May last year. According to the statements, malicious applications are used to steal crypto money from people.
They impersonate cryptocurrency wallets
According to reports, criminals are using fake websites to steal Bitcoin (BTC) and other cryptocurrencies from users. These sites also play an important role in the distribution of malicious applications. These applications; It is reported that Metamask imitates crypto wallets that are very popular among investors such as Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken and OneKey.
ESET states that criminals have inserted advertisements on some official websites containing misleading articles supporting the fake websites we have specified; As a result, he stated that applications spread from those websites. Stating that the situation is also experienced on platforms such as Telegram and Facebook, researchers said that for now, Chinese users are generally targeted; However, he stated that it could spread to other places as well. Considering that the use of cryptocurrencies is quite common in our country, this revealed that caution should be exercised in the future.
Stating that it found dozens of malicious applications in its reviews, ESET emphasizes that these cybercriminals are very difficult to detect and that fake applications have functions very close to the originals. For this reason, it is stated that people should download cryptocurrency wallet applications only from the App Store and Google Play Store.
Finally, a researcher from ESET did not neglect to give different details on the subject. Speaking in the press release, Lukáš Štefanko said that these applications send secret seed phrases (phrases used to access cryptocurrency wallets) to attackers via an insecure HTTP connection; He added that as a result, victims’ cryptocurrencies were stolen.