As the crypto market heats up, more users are investing in virtual coins and using virtual wallets. Hackers have figured out how to get into these accounts without overloading your phone, so here’s what you need to know.
Trojans are just as effective on mobile devices
Researchers at IBM X-Force found that cryptocurrency thieves use a pretty creative workaround to avoid detection. They recently analyzed the webinjection scheme that the TrickBot Trojan used, and found that mobile malware played a part in the heist. It has been understood that mobile web browsers are susceptible to mining apps and that malware intent on stealing crypto infects devices through exploiting browsers. Of course, it is not only browsers that are responsible for this malware. The news is that there are more efficient means for hackers to empty Bitcoin wallets than these.
In order to mine coins, hackers need access to processing power. Mobile devices have relatively low amounts of this to spare and are battery powered. It should be suspicious when a mobile device starts overheating, losing battery and otherwise acting up. Users generally identify malware that uses too many resources pretty quickly, so instead of using traditional malware, thieves have turned to Trojans that don’t install mining software onto the device. Instead, the malware creates the same effect that a webinjection might. Using fake on-screen information, thieves trick users into giving away their data.
Old tactics, new devices
TrickBot Trojan used screen overlays to collect data; this is a basic tool for crypto crooks. Using malware such as ExoBot, BankBot or Mazar, criminals are able to figure out which app is open on a device. They can then overlay a fake screen and users won’t think twice about putting in their credentials.
This information is picked up by the hacker who can use it to access accounts from any location he chooses. If accounts are set up to request secondary access codes, such as a text message authorization code, malware is able to intercept that information too. The user would be completely unaware that the authorization code was ever sent to their device.
Users need to be aware of these tactics as they are used to access bank accounts and crypto wallets alike. Bankbot and Marcher, for instance, both incorporate APK names that trigger an overlay as soon as the desired app is opened on a device. The researchers at X-Force point out that target applications include Bitcoin Cash, Ethereum, Litecoin and Monero wallets, as well as other digital asset apps. The overlay screens look simple but convincing, so falling prey to the tactic is easy.
Why hackers will always love crypto
Some of the most loved features of cryptocurrencies are also the very reasons that criminals want them so much. New coins are constantly coming out, and their values are going up. Decentralization, anonymity, the speed of transaction, lack of regulation: these traits are all great for users, even better for people with illicit intentions. Getting money with few to no questions asked is a criminal’s dream come true.
Attacks against exchange platforms and crypto holders have been on the rise for the past year, and it is expected that these will continue to increase. Using malware with fake overlays makes the thefts that much easier to pull off. While users increasingly rely on mobile devices and apps for everyday activities, attackers are trying to keep their strategies up to the effectiveness levels of PC Trojan attacks. With the development of more sophisticated malware, banks and crypto platforms need to be investing in better protection for mobile threats.
