Blockchain security experts have discovered a malicious mobile app that steals sensitive wallet data from users' devices and has led to the theft of more than $1.8 million in cryptocurrency.
According to blockchain security companies SlowMist and OKX Web3 Security, a fake app called BOM stole over $1.82 million in crypto by secretly accessing users' private keys and mnemonic phrases. In its February 27th investigation report, SlowMist said that the first fraudulent transaction linked to the app was noticed on February 14th.
Figure: Stolen fund analysis for BOM, showing moves across multiple DEXs | Source: SlowMist
On-chain analysis identified major leaks and further revealed that BOM is in fact a scam app that tempts victims into granting file access. Once access was granted, the app scanned the device storage, retrieved wallet data and sent it to a remote server.
The app sought unnecessary permissions, such as access to photos and media, behavior that security experts called "very suspicious."
“On iOS, the app first requests permission and deceives the user with a message that claims that normal operations require access. This behavior is highly suspicious – as a blockchain-related application, there is no good reason to request access to the photo gallery.”
SlowMist
SlowMist tracked the stolen funds across multiple blockchains and estimated that the main hacker address (0x49ADD3E…) had stolen assets from at least 13,000 victims and transferred funds through the BNB Chain, Ethereum, Polygon, Arbitrum, and Coinbase.
Stolen tokens included Tether (USDT), Ethereum (ETH), Wrapped Bitcoin (WBTC), and Dogecoin (DOGE).
It is unclear who is behind the scheme, but SlowMist analysts point out that the app's backend service was offline at the time of the analysis, suggesting that the attacker is already trying to cover their tracks. Some funds have been swapped on decentralized exchange platforms such as PancakeSwap and OKX-DEX.


