Fake apps and websites take more than $4.3 million from iPhone and Android users

Fake apps and websites take more than $4.3 million from iPhone and Android users،

iPhone and Android users should make sure they don't have any of the 249 fake Crypto Wallet apps mentioned by Trend Micro on their phones. These apps claim to be legitimate cryptocurrency wallet apps, but have led to the theft of over $4.3 million. Posing as legitimate crypto wallet app companies, emails are sent to potential victims containing “malicious links” that trick iOS and Android users into visiting the attackers' lists of fake apps.

Do you see the genius of this process? By sending victims to a page where their malware-laden apps can be installed, attackers can avoid having to list their fake apps in the App Store or Google Play Store where they could be banned. And to trick iOS and Android users who have a legitimate crypto wallet app on their phone into tapping the link, these emails pretend to come from these genuine crypto wallet apps, telling recipients that the current version of their Crypto wallet app is deprecated. and they need to tap the link to install the latest version.

This email attempts to trick the victim into clicking a link to a fake website

Hackers have also created fake websites designed to look like those used by real crypto wallet apps and whose domain names are slightly different from the real ones. These fake websites appear at the top of search results and are another way for criminals to find their victims without having to list the apps in the App Store or Google Play Store. Another ploy used is posting fake links on social media sites that display fake support messages. Again, the goal is to trick victims into visiting a fake website.

A Real Crypto Wallet Website on the Left, a Fake Created by Hackers on the Right – Fake Apps and Websites Take Over $4.3 Million From iPhone and Android Users.

A real crypto wallet site on the left, a fake created by hackers is on the right

The Trend Micro Threat Research team discovered 249 fake crypto wallet apps, including imToken, Bitpie, MetaMask, Trust Wallet, and TokenPocket. The apps were found on phones used by victims in the United States, France, Germany, Australia, New Zealand and Japan.

Fake apps and websites steal mnemonic phrases from victims. These phrases are a series of unrelated words, usually 12 to 24 words, that are generated when creating a crypto wallet application. Mnemonic phrases are used to recover a user's cryptocurrency if a wallet is lost or damaged. But once a mnemonic phrase is entered into one of the fake websites or apps, it goes straight to the hackers.

When the mnemonic phrase is stolen, the hacker transfers the victim's cryptocurrency to multiple disposable wallets. Trend Micro's threat research team discovered that $4.3 million was flowing through one of the disposable wallets. Since most hackers use multiple wallets in these efforts, we can assume that over $4.3 million was stolen.

So, what can you do to avoid falling victim to this scam? Trend Micro makes the following suggestions:

Only download apps from the Google Play Store and Apple App Store.
If you observe suspicious behavior while updating a crypto wallet app, immediately terminate the update and uninstall the app.
To confirm the legitimacy of a crypto wallet app, the first time you transfer money, only send a small amount.