Confiant, an advertising security firm, has identified a cluster of malicious activity built around backdoored Web3 wallet applications that lets attackers steal users' seed phrases and drain their funds. The apps are distributed through clones of the legitimate wallet websites, so the download looks like the genuine app.
Malicious cluster targets Web3-enabled wallets like Metamask
Hackers are getting more and more creative when designing attacks against cryptocurrency users. Confiant, a company that examines the quality of online advertisements and the security threats they can pose to Internet users, has warned of a new type of attack affecting users of popular Web3 wallets such as Metamask and Coinbase Wallet.
The cluster, which Confiant tracks as “Seaflower”, is described in its report as one of the most sophisticated attacks of its kind. Ordinary users cannot tell the apps apart from the originals: they look and behave like the genuine wallets, but their modified code exfiltrates the wallet's seed phrase, giving the attackers full access to the funds.
Distribution and Recommendations
The report found that these apps are mostly distributed outside the regular app stores, through links that users find on search engines such as Baidu. The researchers attribute the cluster to Chinese-speaking operators, based on the language of the code comments, the location of the infrastructure and the services used.
Links to these apps rank highly in search results thanks to aggressive search-engine optimization, which leads users to believe they are visiting the real site. The sophistication of the apps lies largely in how the malicious code is hidden: it is obfuscated so that much of how the system works is concealed.
The backdoored app sends the seed phrase to a remote server at the moment the wallet is created, and this is the main attack vector in the Metamask impostor. Seaflower uses a very similar approach for the other wallets it targets. Because the phrase leaves the device as soon as the wallet is created, any wallet set up with one of these apps should be treated as compromised from the start.
Confiant also offers recommendations for keeping wallets secure on mobile devices. Since these backdoored apps are distributed only outside the official app stores, it advises users to always install wallet apps from the official Android and iOS stores rather than from links found through search results.
What do you think of Metamask and Web3 backdoor wallets? Tell us in the comments section below.
image credits: Shutterstock, Pixabay, Wiki Commons, photo_gonzo
Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any product, service, or company. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.