Hackers are using fake apps and wallets to steal your crypto TechRadar
By Sead Fadilpašić, published 14 June 2022

Popular crypto apps are getting cloned as Web3 users targeted

Cryptocurrency users and enthusiasts are being targeted by malicious actors with fake wallet apps that steal their precious tokens, researchers have found.

Cybersecurity researchers from Confiant discovered that some of the world's most popular cryptocurrency wallets are being spoofed by clones that carry malware. Coinbase, MetaMask, TokenPocket, and imToken products are among those affected, with the threat actors having created apps seemingly identical to the legitimate ones, but with one key difference: they carry a backdoor that's capable of stealing people's security phrases.

The security phrase, or secret key, is a string of words used to recover, or load, an existing wallet into the new app.

Tens of millions of potential targets

People use it when they forget their passwords, install the app on a new endpoint, or otherwise need to load a wallet on a different device. Being malicious, these apps cannot be found on official app repositories, such as the Play Store or App Store.
Instead, the threat actors rely on distributing the app via web pages, which they promote through black hat SEO techniques, SEO poisoning, social media marketing, forum promotions, malvertising, etc. The researchers could not say how many people were tricked into downloading these apps, but Coinbase's app alone has more than 10 million downloads, just on Android.

As for the victims, the attackers seem to be mostly targeting the Asian population. Search results from the Baidu engine have been most impacted by the campaign, as these have been directing "massive amounts" of traffic to the sites that host the malicious apps.

The attackers themselves seem to be Asian, as well. Confiant calls them SeaFlower, and believes them to be Chinese due to subtle hints like the language of the comments in the source code, the location of the infrastructure, and the frameworks and services used.

The campaign seems to have been active since at least March this year, Confiant says, adding that it's "the most technically sophisticated threat targeting web3 users, right after the infamous Lazarus Group."

Via: BleepingComputer