Ad-security firm Confiant has found a slew of malicious activity involving backdoored wallet apps that let attackers steal seed phrases and drain users' funds. The apps are distributed through clones of legitimate sites, making it appear that the user is downloading the original app.
Malicious cluster targets Web3-enabled wallets like MetaMask
Attackers are becoming more and more creative when it comes to engineering attacks against cryptocurrency users. Confiant, a company dedicated to investigating ad quality and security threats to Internet users, has warned about a new kind of attack affecting users of popular Web3 wallets such as MetaMask and Coinbase Wallet.
The cluster, identified as "Seaflower", was described by Confiant as one of the most sophisticated attacks of its kind. The report states that ordinary users cannot tell these apps apart from the legitimate ones: they look identical, but carry a modified codebase that lets the attackers steal the wallet's seed phrase and, with it, gain access to the funds.
Delivery and recommendations
The report found that these apps are mostly distributed outside the regular app stores, through links that users find in search engines such as Baidu. The investigators believe the cluster is likely of Chinese origin, based on the language of the code comments and other elements such as the location of the infrastructure and the services used.
Links to these apps reach prominent positions in search results through SEO manipulation, which lets them rank higher and gives users the impression that they have reached the real site. The sophistication of these apps lies in how well the backdoor code is hidden inside an otherwise legitimate-looking app.
The backdoored app sends the seed phrase to a remote server at the moment the wallet is created, and this is the main attack vector against MetaMask users. For the other wallets, Seaflower uses a similar approach.
Experts make several recommendations for keeping wallets safe on devices. Because these backdoored apps are only distributed outside the official app stores, Confiant advises users to always install wallet apps on Android and iOS from the official store.
What do you think about the backdoored MetaMask and Web3 wallet apps? Tell us in the comments section below.
Image credits: Shutterstock, Pixabay, Wikicommons, photo_gonzo
Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation or recommendation or endorsement of an offer to buy or sell any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the Company nor the author is responsible, directly or indirectly, for any damage or loss alleged to be caused by or in connection with the use or reliance on any content, goods or services mentioned in this article.