Researchers discover 280 Android apps that are desperately after your funds

McAfee’s Mobile Research Team has discovered 280 Android apps that come across as legitimate but are covertly trying to gain access to people’s cryptocurrency wallets.

Cybercriminals have created Android malware which is delivered through harmless-looking apps. McAfee has not published the names of the apps but has revealed that they fall into various categories, including government services, banking and utilities.

The malware primarily aims to obtain the mnemonic phrase, also known as the mnemonic recovery phrase or seed word, for your cryptocurrency wallet. The phrase, which is typically 12, 18, or 24 words, is all that a cybercriminal needs to access your digital assets.

As Beeping Computer notes, since recovery phrases are not necessarily easy to remember, people often take screenshots of their recovery phrases and save them in their galleries.

The malware takes advantage of that by sending all the images stored on a victim’s device to the attackers’ server. Optical character recognition (OCR) techniques are then used to convert the images to text.

How’s the malware spread?

The phony apps are not hosted on Google Play. Instead, the links to download are advertised through text messages or social media. Deceptive techniques are often used to trick you into thinking that the link was sent by a reliable source, such as an organization you know or a friend.

When you click on the link, you are taken to a website that looks authentic. After an app is downloaded, it asks for permission to access sensitive information such as your contacts, text messages, and storage, and to stay active in the background. You are given the impression that the permissions are crucial to the functioning of the app.