McAfee’s Mobile Research Team has discovered 280 Android apps that come across as legitimate but are covertly trying to gain access to people's cryptocurrency wallets.
Cybercriminals have created Android malware which is delivered through harmless-looking apps. McAfee has not published the names of the apps but has revealed that they fall into various categories, including government services, banking and utilities.
The malware primarily aims to obtain the mnemonic phrase, also known as the mnemonic recovery phrase or seed word, for your cryptocurrency wallet. The phrase, which is typically 12, 18, or 24 words, is all that a cybercriminal needs to access your digital assets.
As Beeping Computer notes, since recovery phrases are not necessarily easy to remember, people often take screenshots of their recovery phrases and save them in their galleries.
The malware takes advantage of that by sending all the images stored on a victim's device to the attackers’ server. Optical character recognition (OCR) techniques are then used to convert the images to text.
How's the malware spread?
Two fake websites where this Android malware is hosted
The phony apps are not hosted on Google Play. Instead, the links to download are advertised through text messages or social media. Deceptive techniques are often used to trick you into thinking that the link was sent by a reliable source, such as an organization you know or a friend.
When you click on the link, you are taken to a website that looks authentic. After an app is downloaded, it asks for permission to access sensitive information such as your contacts, text messages, and storage, and to stay active in the background. You are given the impression that the permissions are crucial to the functioning of the app.
The fake apps trick you into granting sensitive permissions
In addition to covertly stealing your pictures, the apps are also capable of lifting your contacts so that the download link may then be sent to them. The apps also intercept your text messages, giving them the capability to steal two-factor authentication codes.
This malware campaign is primarily targeting users based in Korea but it has recently started to spread to the UK as well. Researchers also found evidence that suggests that the attackers are developing malware for iOS as well.
Recommended Stories
It's always best to only downloads Android apps from Google Play. If you recall downloading an app from a third-party source, you might consider deleting it, especially if you have observed odd behaviour such as unexpected redirects or too many loading screens. As an extra step, you should also run a Google Play Protect scan to purge your phone of any malware.
Create a free account and join our vibrant community
Register to enjoy the full PhoneArena experience. Here’s what you get with your PhoneArena account:
Anam Hamid is a computer scientist turned tech journalist who has a keen interest in the tech world, with a particular focus on smartphones and tablets. She has previously written for Android Headlines and has also been a ghostwriter for several tech and car publications. Anam is not a tech hoarder and believes in using her gadgets for as long as possible. She is concerned about smartphone addiction and its impact on future generations, but she also appreciates the convenience that phones have brought into our lives. Anam is excited about technological advancements like folding screens and under-display sensors, and she often wonders about the future of technology. She values the overall experience of a device more than its individual specs and admires companies that deliver durable, high-quality products. In her free time, Anam enjoys reading, scrolling through Reddit and Instagram, and occasionally refreshing her programming skills through tutorials.
Recommended Stories
Loading Comments...
COMMENT
All comments need to comply with our
Community Guidelines
Phonearena comments rules
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: