Researchers discovered that mobile malware is now targeting crypto-currencies with the intent of stealing victims’ funds.
Because crypto-currencies can increase massively in value over time, attacks that steal coins from users are on the rise. Most of these attacks involved PC malware that can be quickly stopped by a strong cybersecurity solution like an antivirus. We recommend always using an antivirus for Mac or an antivirus for Windows, depending on which OS your device is using, if you want to keep your data safe and secure.
Things don’t stop at PCs or Macs: recent incidents have shown that mobile threats are on the rise as well.
During a malware analysis, our cybersecurity team saw that the TrickBot Trojan was using web injection to steal virtual coins from its victims by replacing legitimate addresses with those of the cybercriminal. This is not an isolated cybersecurity problem; other mobile malware is now using screen overlays to trick victims into sending funds directly to the cybercriminal.
Users are likely to discover a mining operation on a mobile device when they notice overheating, low performance and faster battery drain, and patience isn’t that profitable, so mobile malware that uses malicious miners to collect coins is not enough for cybercriminals.
This is why cybercriminals are now focusing on using web injections to trick users with false on-screen information, steal their access credentials and take over accounts.
Some of the mobile malware families capable of this kind of operation are ExoBot, BankBot, Marcher, and Mazar.
After scanning launched applications, these Trojans can display a hardcoded or dynamically fetched overlay and hide the legitimate app screen behind a fake one.
As a result, victims end up revealing their credentials to the cybercriminals, and if second-factor authorization is required, the malware can hijack it without alerting the victim.
This method works very well; cybercriminals have used it for years in attacks targeting bank accounts, and nowadays the technique has been adapted for the theft of crypto-coins.
Researchers have found that Trojans such as BankBot and Marcher already include the functionality needed to overlay a fake screen when the user opens relevant wallet apps.
These new strains of malware target multiple virtual coins, such as Bitcoin, Bitcoin Cash, Ethereum, Litecoin, and Monero.
Before investing in crypto coins, we recommend researching the coin that you want to buy. If you find one that is worth the investment, consider investing first in your cybersecurity. Use 2FA on every account that you have and always double-check everything, including crypto handling platforms; the most secure ones are those that use a cyber-secure web hosting service.