Protect Your Cryptocurrency: How Scam Crypto Wallet Apps Stole Millions - Trend Micro Identifies 249 Fake Apps

Protect Your Cryptocurrency: How Scam Crypto Wallet Apps Stole Millions – Trend Micro Identifies 249 Fake Apps

Summary:

Fake cryptocurrency wallet apps have stolen over $4.3 million from iPhone and Android users. Trend Micro identified 249 fraudulent apps that mimic legitimate crypto wallet apps, tricking users into installing malware. These scams use phishing emails, fake websites, and social media posts to deceive victims. Once users enter their mnemonic phrases into the fake apps or websites, hackers steal their cryptocurrency by transferring funds to disposable wallets. Victims have been reported in the U.S., France, Germany, Australia, New Zealand, and Japan. Users are advised to only download apps from official app stores and be cautious when updating crypto wallet apps.

Fake apps and websites take more than $4.3 million from iPhone and Android users

Both iPhone and Android users need to make sure that they do not have any of the 249 fake Crypto Wallet apps mentioned by Trend Micro on their phones. These apps pretend to be legit cryptocurrency wallet apps but have led to the theft of more than $4.3 million. Pretending to be from legit crypto wallet app companies, emails are sent out to potential victims containing “malicious links” that lead iOS and Android users to visit listings for the attackers’ fake apps.Do you see the brilliance in this process? By sending victims to a page where their malware-laden apps can be installed, the attackers can avoid having to list their fake apps in the App Store or Google Play Store where they could get banned. And to get iOS and Android users who do have a legit crypto wallet app on their phone to tap on the link, these emails pretend to be from those real crypto wallet apps telling recipients that the current version of their crypto wallet app is out of date and that they must tap on the link to install the latest version.This email tries to get the victim to click on a link to a fake websiteThe hackers also created fake websites designed to look like the ones used by real crypto wallet apps and have domain names slightly different than the real ones. These fake websites appear high up in search results and are another way the criminals get their victims without having to list apps in the App Store or Google Play Store. Another ploy used is to post fake links on social media sites that show fake support messages. Again, the goal is to get victims to visit a fake website.Real crypto wallet website on the left, a fake one created by the hackers is on the rightThe Trend Micro Threat Research team found 249 fake crypto wallet apps including imToken, Bitpie, MetaMask, Trust Wallet, and TokenPocket. The apps were found on phones used by victims in the United States, France, Germany, Australia, New Zealand, and Japan.The fake apps and fake websites steal victims’ mnemonic phrases. These phrases are a series of unrelated words, usually 12 to 24 words in length, that are generated when a crypto wallet app is created. The mnemonic phrases are used to recover a user’s cryptocurrency if a wallet is lost or damaged. But once a mnemonic phrase is typed into one of the fake websites or apps, it goes straight to the hackers.

When the mnemonic phrase is stolen, the hacker will transfer the victim’s cryptocurrency to multiple disposable wallets. Trend Micro’s Threat Research team discovered that $4.3 million passed through one of the disposable wallets. Since most hackers have multiple wallets that are used in these endeavors, we can assume that more than $4.3 million has been stolen.

So what can you do to avoid becoming a victim of this scam? Trend Micro makes the following suggestions:

  • Only download apps from the Google Play Store and the Apple App Store.
  • If you observe any suspicious behavior when updating a crypto wallet app, immediately terminate the update and uninstall the app.
  • To confirm the legitimacy of a crypto wallet app, the first time you transfer money, send only a small amount.

Link: The post “Fake apps and websites take more than $4.3 million from iPhone and Android users” first appeared on Charlesdance.

You May Also Like

Cryptocurrency Wallet Scam: iPhone App Used to Steal $11.8 Million Uzbek National Faces 20 Years in Prison 4 Crypto Theft Scheme

Cryptocurrency Wallet Scam: iPhone App Used to Steal $11.8 Million Uzbek National Faces 20 Years in Prison 4 Crypto Theft Scheme

SafePal and deBridge: Seamless Swaps Between EVM and Non-EVM Chains Revolutionizing Cross-Chain Transactions

SafePal and deBridge: Seamless Swaps Between EVM and Non-EVM Chains Revolutionizing Cross-Chain Transactions

You May Also Like: