Malicious players now use fake websites with ads placed on legitimate sites to distribute their malicious apps.
Cover art/illustration via CryptoSlate
A new study has shown that android and iPhone users are at risk of their crypto being stolen through a “sophisticated malicious cryptocurrency scheme.”
ESET revealed that these hackers now use fake websites with ads placed on legitimate sites to distribute the malicious apps. They’re also using telegram and Facebook for the purpose.
Users of MetaMask and Coinbase wallet in China are the primary target, but it’s only a matter of time before it spreads to other climes. According to Lukáš Štefanko, the ESET researcher who uncovered the scheme, it’s important for people to be careful about which mobile app they use for managing their funds.
With prices of digital assets mostly below their ATHs, some would expect hackers to be less interested in digital assets. But this hasn’t stopped them from exploiting panic withdrawals in the face of the market slump.
These apps pose a further threat as some of them use unsecured HTTP connections to send the victim’s secret phrase to the attacker’s servers. This makes it possible for those behind the scheme and any other hacker eavesdropping on conversations to easily steal victim funds.
The research echoes earlier warnings from regulators about the risk of cryptocurrency. Earlier this month, the European Union’s securities, banking, and insurance watchdogs warned that crypto investors could lose all their money. They added that crypto investors should be aware of the risks of investing in the space.
MetaMask releases new iOS integrations
In another development, MetaMask, the popular Ethereum wallet, has rolled out a new payment gateway for its mobile app. According to available information, iPhone users would now be able to use Apple Pay to buy crypto using their credit or debit card connected to their wallet.
📣 MetaMask Mobile v4.3.1 is LIVE with some exciting updates:
Buy crypto on iOS with Apple Pay (@sendwyre), more transparency when interacting with sites, & support for gasless transactions where relevant.
Does it get any better? Yes it does! We now have dark mode! 🌑
— MetaMask 🦊💙 (@MetaMask) March 28, 2022
Before now, MetaMask depended on Transak and Wyre for its card transactions. However, this new update would now allow users to use their cards stored in Apple Pay to buy ETH and deposit as much as $400 daily into their wallets.
This means that there would be little to no need for users to first transfer their Ethereum holdings from a centralized exchange to the MetaMask Wallet.
The ConsenSys-owned Ethereum tool announced this v4.3.1 update that comes with features like the dark mode, an aesthetic feature that most apps have been adding recently. And a better protection feature that protects users when they are sending tokens and interacting with contracts.