Fake apps and websites take more than $4.3 million from iPhone and Android users
iPhone and Android users should make sure they don't have any of the 249 fake crypto wallet apps mentioned by Trend Micro on their phones. These apps claim to be legitimate cryptocurrency wallet apps, but have led to the theft of over $4.3 million. Posing as legitimate crypto wallet app companies, the attackers send potential victims emails containing “malicious links” that trick iOS and Android users into visiting the attackers' lists of fake apps.
This email attempts to trick the victim into clicking a link to a fake website
Hackers have also created fake websites designed to look like those used by real crypto wallet apps and whose domain names are slightly different from the real ones. These fake websites appear at the top of search results and are another way for criminals to find their victims without having to list the apps in the App Store or Google Play Store. Another ploy used is posting fake links on social media sites that display fake support messages. Again, the goal is to trick victims into visiting a fake website.
A real crypto wallet site is on the left; a fake created by hackers is on the right
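The lookalike-domain trick described above can be screened for mechanically before a link reaches a user. The following Python is an added example, not code from Trend Micro or the original article; the trusted domains are constructed placeholders, and `TRUSTED`, `hostname` and `classify` are hypothetical names.

```python
from urllib.parse import urlsplit

# Constructed allowlist: placeholders for the wallet vendors' real domains.
TRUSTED = ("examplewallet.io", "coinvault.example")

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def hostname(url):
    """Lower-cased host of a link; userinfo before '@' is ignored by urlsplit."""
    if "//" not in url:
        url = "//" + url               # let urlsplit parse scheme-less links
    return (urlsplit(url).hostname or "").rstrip(".")

def classify(url, trusted=TRUSTED, max_distance=2):
    """Return (verdict, matched trusted domain or None)."""
    host = hostname(url)
    if not host:
        return ("invalid", None)
    for good in trusted:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    # Non-ASCII or punycode labels can render as a trusted name (homoglyphs).
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("lookalike", None)
    base = ".".join(host.split(".")[-2:])   # naive: last two labels only
    for good in trusted:
        brand = good.split(".")[0]
        # Near-miss spelling, or the brand name embedded in an unrelated host.
        if edit_distance(base, good) <= max_distance or brand in host:
            return ("lookalike", good)
    return ("unknown", None)
```

An "unknown" verdict only means the host does not resemble an allowlisted domain; it is not a statement that the site is safe.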
The Trend Micro Threat Research team discovered 249 fake crypto wallet apps, including apps impersonating imToken, Bitpie, MetaMask, Trust Wallet, and TokenPocket. The apps were found on phones used by victims in the United States, France, Germany, Australia, New Zealand and Japan.
Fake apps and websites steal mnemonic phrases from victims. These phrases are a series of unrelated words, usually 12 to 24 words, that are generated when a wallet is created in a crypto wallet application. Mnemonic phrases are used to recover a user's cryptocurrency if a wallet is lost or damaged. But once a mnemonic phrase is entered into one of the fake websites or apps, it goes straight to the hackers.
So, what can you do to avoid falling victim to this scam? Trend Micro makes the following suggestions:
- Only download apps from the Google Play Store and Apple App Store.
- If you observe suspicious behavior while updating a crypto wallet app, immediately terminate the update and uninstall the app.
- To confirm the legitimacy of a crypto wallet app, send only a small amount the first time you transfer money.