Researchers at McAfee have recently uncovered 280 fraudulent Android applications designed to compromise the cryptocurrency wallets of unsuspecting users. These malicious apps target mnemonic phrases, which are commonly provided to cryptocurrency wallet owners to aid in account recovery. The phrases typically consist of 12 to 24 words, and they are sometimes captured through screenshots. The fake Android apps identified by McAfee’s mobile research team specifically target these phrases by scanning the device for images containing them.
According to McAfee researchers, the malware disguises itself as various legitimate apps, including those related to banking, government, streaming, and utilities. To distribute these apps, scammers employ phishing campaigns that involve sending text or direct messages on social media containing links to deceptive websites. Once on these websites, users are prompted to download an app that installs the malware on their devices.
Upon installation, the fake Android app requests access to sensitive information stored on the device, including SMS messages, contacts, and photos. It also aims to operate in the background without the user’s knowledge. The stolen information can include the user’s contact list for further phishing attempts, incoming SMS messages containing critical information, and uploaded photos, which could be personal or sensitive. Additionally, the malware collects detailed device information, such as the operating system version and phone number, to aid attackers in customizing their malicious activities.
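The permission pattern described above (SMS, contacts and photos together, plus background operation) can be used to triage installed or sideloaded apps. The following is an added example, not code from McAfee's research: it assumes text in the style of `aapt dump permissions` output, and the mapping from the article's wording to specific Android permission names, the package names and the sample input are all constructed for illustration.

```python
import re

# Permission groups for the access the article describes. Mapping the
# article's wording onto these Android permission names is an assumption.
GROUPS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "photos": {"android.permission.READ_EXTERNAL_STORAGE",
               "android.permission.READ_MEDIA_IMAGES"},
    "background": {"android.permission.RECEIVE_BOOT_COMPLETED",
                   "android.permission.FOREGROUND_SERVICE"},
}

PKG_RE = re.compile(r"^package:\s*(\S+)")
# Accepts both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")

def parse_dump(text):
    """Parse concatenated permission dumps into {package: set(permissions)}."""
    apps, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := PKG_RE.match(line):
            current = apps.setdefault(m.group(1), set())
        elif (m := PERM_RE.match(line)) and current is not None:
            current.add(m.group(1))
    return apps

def triage(text, required=("sms", "contacts", "photos")):
    """Return {package: matched groups} for apps requesting every required group."""
    flagged = {}
    for pkg, perms in parse_dump(text).items():
        hit = {g for g, names in GROUPS.items() if perms & names}
        if set(required) <= hit:
            flagged[pkg] = sorted(hit)
    return flagged

# Constructed sample input (hypothetical packages, not real apps).
SAMPLE = """\
package: com.example.fakestream
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.READ_MEDIA_IMAGES'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
package: com.example.gallery
uses-permission: name='android.permission.READ_MEDIA_IMAGES'
package: com.example.messenger
uses-permission: android.permission.READ_SMS
uses-permission: android.permission.READ_CONTACTS
"""
```

A match is a reason to review the app, not proof of malice: legitimate messaging and backup apps request the same combination, so the result is best weighed against what the app claims to do and where it was installed from.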