Hackers Distribute Backdoored Web3 Wallets for Mobile Users

June 14, 2022

2879

June 14, 2022 Leave a comment on telegram

SeaFlower targeting Android and iOS users .
Backdoored apps drain victims’ funds.
Apps mimics official cryptocurrency wallet.

Introduction:
A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims’ funds.

Details:
Said to be first discovered in March 2022, the cluster of activity hints to a strong relationship with a Chinese-speaking entity yet to be uncovered, based on the macOS usernames, source code comments in the backdoor code, and its abuse of Alibaba’s Content Delivery Network (CDN). As of today, the main current objective of SeaFlower is to modify Web3 wallets with backdoor code that ultimately exfiltrates the seed phrase.

Currently:
Targeted apps include Android and iOS versions of Coinbase Wallet, MetaMask, TokenPocket, and imToken. SeaFlower’s modus operandi involves setting up cloned websites that act as a conduit to download trojanized versions of the wallet apps that are virtually unchanged from their original counterparts except for the addition of new code designed to exfiltrate the seed phrase to a remote domain.

Additional Security Info:
The malicious activity is also engineered to target iOS users by means of provisioning profiles that enable the apps to be sideloaded onto the devices. As for how users stumble upon these websites offering fraudulent wallets, the attack leverages SEO poisoning techniques on Chinese search engines like Baidu and Sogou so that searches for terms such as “download MetaMask iOS” are rigged to surface the drive-by download pages on top of the search results page.

Closing:
If anything, the disclosure once again highlights how threat actors are increasingly setting their sights on popular Web3 platforms in an attempt to plunder sensitive data and deceptively transfer virtual funds.

Reference link for the full story:
Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users

This information is brought to you by Vectech Solutions, The Gold Standard in Cybersecurity

#seaflower #backdoor #imitationapps

ebook, Telegram and LinkedIn to read more exclusive content we post

Hackers Distribute Backdoored Web3 Wallets for Mobile Users

LATEST NEWS

What Are Shadow IDs, and How Are They Crucial in 2022?

Unpatched DNS Vulnerability Affects IoT Devices.

U.S. FCC Commissioner Asks Apple and Google to Remove TikTok from App Stores

MUST READ

Spice up Your Life at Akbar Restaurant: Garden City’s Tastiest Indian Restaurant!

Ginos of West Hempstead Pene Ala Vokda Pizza Slice

The Serious Job of Protecting Client Information

EDITOR PICKS

Biden and Trump will debate on Thursday. Here’s what you need...

John Ray: The Legal Mind Behind Gilgo Beach

Gilgo Suspect’s How-To Manual Reflects a Killer’s Mind, Prosecutors Say

POPULAR POSTS

Ubiquiti debuts dual camera UniFi G4 Doorbell

Global Computer Systems in Port Jefferson NY, Yikes!

Microsoft Provides Workaround for L2TP VPN Connections Issues on Windows

POPULAR CATEGORY

HelloXD Ransomware Installing Backdoor on Targeted Windows and Linux Systems

Vicon Industries, Hauppauge NY