Protect your money! Fake crypto wallets spotted for iPhone and Android

March 28, 2022

By Kim Komando

Cryptocurrency is risky enough without having to worry about scams. No matter which one you choose, you will deal with volatile values. Throw in some crooks, and the risk goes up exponentially.

Social media is a goldmine for scammers to find new victims. Now, fake crypto ads are circulating on Facebook and other platforms. The ads use images of well-known industry leaders to lure people into buying crypto that doesn’t exist. Tap or click here to check out our report.

Cybersecurity researchers recently found 40 copycat sites designed to look like legitimate crypto services. The sites advertise crypto wallet apps that are anything but legitimate. Keep reading to find out the risks and protect your finances.

Watch your wallet

Cryptocurrency wallets are physical or digital storage devices for your cryptocurrency. The wallets themselves hold public and private keys, which give you access to your crypto. Tap or click here to learn more about crypto wallets.

Since last year researchers at ESET have been tracking iOS and Android crypto apps containing trojan malware. They also uncovered a spread of Chinese language groups promoting these malicious crypto wallets on the Telegram messaging app.

Evidence shows that a crook is recruiting partners to distribute these bad apps via telemarketing, social media, advertisement, SMS, third-party channels, fake websites and more.

Taking to the web

ESET

ESET researchers also uncovered malicious wallets being distributed via legitimate Chinese websites, with articles containing links to fake wallet apps. The posts used real wallet names such as Coinbase, imToken, Bitpie, MetaMask, TokenPocket, OneKey and Trust Wallet but led to copycat websites.

A thief used another legitimate Chinese website to post an article about Beijing’s crypto ban. The author included a list of genuine crypto wallets to get around the ban, along with links to bogus websites with download links for fake apps.

Different effects on iOS and Android

ESET

The malware works differently depending on your operating system. The fake Android wallet apps target new crypto users who do not have a legitimate wallet app installed on their devices.

If you already have an official wallet app, the malicious one won’t be installed due to Android security measures, which don’t let you replace an original app with one that isn’t legitimate.

The copycat websites let Android users download the malicious apps from their servers even if they tap on the “Get it on Google Play” button. Following that, the app needs to be installed manually.

ESET

When it comes to iOS, multiple versions of an app can be installed simultaneously. But due to Apple’s stricter screening process, you won’t find these malicious apps in the App Store. So if you are an Apple user, you’d have to install the malicious apps from a third-party store or click on malicious links found on places like social media.

The websites for these apps let users download apps outside the official store, using a system Apple put in place for businesses and educational institutes to install custom apps without going through the App Store. You must then manually install these apps.

Once the app is up and running, it appears to work like a legitimate crypto wallet. But it isn’t. Instead, it’s stealing the currency deposited into it.

Don’t be a victim

Follow these tips to keep crypto scammers at bay:

• Use official apps from official app stores that contain links to official websites.
• Be wary of online ads for crypto.
• Research any wallet app you’re interested in. Look for reviews and information about the company behind the app.
• Always have a trusted antivirus program updated and running on all your devices. This can help to detect malicious apps on your phone. We recommend our sponsor, TotalAV. Get an annual plan with TotalAV for only $19 at ProtectWithKim.com.