Confiant, an advertising security company, has uncovered a cluster of malicious activity built around backdoored wallet apps. The apps let attackers steal users' private keys and then drain funds through the backdoored imposter apps. They are distributed by cloning legitimate websites, so the user believes they are downloading the authentic app.
Malicious Cluster Targets Web3-enabled Wallets like Metamask
Hackers are getting more inventive when it comes to exploiting cryptocurrency users. Confiant, a company dedicated to analyzing the quality of ads as well as the security threats they might pose for internet users, has warned of a new type of attack affecting users of web3 wallets such as Metamask or Coinbase Wallet.
Confiant named the cluster “Seaflower” and described it as one of the most advanced attacks of its type. The apps are almost identical to the originals, but their codebase gives the attackers access to users' seed phrases and funds.
Distribution and Recommendations
These apps are mostly distributed outside of regular app stores through links discovered by users using search engines like Baidu. According to investigators, the cluster is likely Chinese-derived due to the language in which code comments are written and other elements such as infrastructure location and services used.
Links to these apps rank highly in search results because of careful SEO work, so users are tricked into believing they are visiting the real site. What makes the apps sophisticated is the way their code is obfuscated, which hides much of how the backdoor works.
The backdoored app transmits the seed phrase to a remote location at the moment the wallet is being created. This is the main attack vector of the Metamask imposter, and Seaflower uses the same approach against the other wallets it targets.
The researchers also offered a number of suggestions for keeping wallets safe on mobile devices. Since these backdoored apps are not available in the app stores, Confiant recommends that users always download wallet apps from the official Android and iOS stores.