
The Cyber Security News


Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users

June 13, 2022

A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites in order to distribute backdoored apps that drain victims’ funds.

Said to have been first discovered in March 2022, the cluster of activity “trace[s] to a robust connection with a Chinese-speaking entity yet to be uncovered,” based on the macOS usernames, source code comments in the backdoor code, and its abuse of Alibaba’s Content Delivery Network (CDN).


“As of today, the main current objective of SeaFlower is to modify Web3 wallets with backdoor code that ultimately exfiltrates the seed phrase,” Confiant’s Taha Karim said in a technical deep-dive of the campaign.

Targeted applications include Android and iOS versions of Coinbase Wallet, MetaMask, TokenPocket, and imToken.

SeaFlower’s modus operandi involves setting up cloned websites that act as a conduit for downloading trojanized versions of the wallet apps. These are virtually unchanged from their original counterparts except for the addition of new code designed to exfiltrate the seed phrase to a remote domain.


The malicious activity is also engineered to target iOS users by means of provisioning profiles that enable the apps to be sideloaded onto the devices.


As for how users stumble upon these websites offering fraudulent wallets, the attack leverages SEO poisoning techniques on Chinese search engines like Baidu and Sogou so that searches for terms such as “download MetaMask iOS” are rigged to surface the drive-by download pages at the top of the search results page.

If anything, the disclosure once again highlights how threat actors are increasingly setting their sights on popular Web3 platforms in an attempt to plunder sensitive data and deceptively transfer virtual funds.


Some sections of this article are sourced from:
thehackernews.com
