IMG-LOGO

Hackers Are Taking Advantage of Typing Mistakes to Steal Cryptocurrency

News Feed - 2022-10-25 08:10:52

Hackers Are Taking Advantage of Typing Mistakes to Steal Cryptocurrency


A group of hackers have taken advantage of typing mistakes in order to introduce malware to Android phones and Windows-based PCs. Using a technique called typosquatting, which consists of registering domains that are dramatically near to the ones of official brands of organizations, hackers are getting data and private keys from unsuspected users, according to a report issued by Cyble. Typing a Web Domain Incorrectly Might Be Dangerous for Your Wallet


Hackers have set up a net of malware-infected domains that take advantage of the typing inaccuracies of users when getting to a determined website. According to a report issued by Cyble, a cyber security and digital risk assessment firm, these domains mimic renowned organizations and apps, like the Google Play Store, Apkure, and Apkcombo, among others.


Users that visit the domains are prompted to download an infected version of the app requested, which will serve as a vehicle for the infection. The target device, be it an Android phone or a Windows PC, will then be infected with a version of ERMAC, a malware trojan that allows the threat actors to access several critical private data in the targeted device, including private keys.


The banking trojan was first discovered in 2021 and it is now targeting more than 460 applications, allowing attackers to rent its services for $5,000 a month. Hackers Targeting More Sites and Brands Involved


While the mentioned report only found evidence of a little group of apps and brands being mimicked, further investigation by another security source confirmed that at least 27 brands and app names are being targeted by this kind of attack. Among these are Tiktok

Vidmate, Snapchat, Paypal, and even more dev-focused apps like Notepad+ and the Tor Browser.


Cryptocurrency wallets and crypto mining and related sites are also on the list. Tronlink

Metamask, Phantom, Cosmos Wallet, and Ethermine are part of the group of sites also targeted. Each one of these fake domains has different typo-squatted domains registered, to maximize the effect and damage of the attack.


Cybel makes different recommendations to avoid this kind of attack, including having an effective antivirus protecting your phone and PC, and monitoring your wallets and banking accounts regularly. However, the best advice is to arrive at the web pages of software and apps through the use of a search engine, avoiding blog-posted directions and links shown as part of advertisement campaigns. Tags in this story Cryptocurrency, Cyble, ERMAC, Hackers, Paypal, Phishing, private keys, search engines, SnapChat, tiktok, Typosquatting


What do you think about hackers taking advantage of misspelled domain names to steal crypto? Tell us in the comments section below. Sergio Goschenko


Sergio is a cryptocurrency journalist based in Venezuela. He describes himself as late to the game, entering the cryptosphere when the price rise happened during December 2017. Having a computer engineering background, living in Venezuela, and being impacted by the cryptocurrency boom at a social level, he offers a different point of view about crypto success and how it helps the unbanked and underserved. Defi Platform Moola Exploited for $8.4 Million in Incident Described as "Incredibly Simple Attack" SECURITY | 6 days ago Scammers Are Targeting Cryptocurrency Scam Sites to Hijack Their Targeted Audience SECURITY | Oct 7, 2022


Image Credits: Shutterstock, Pixabay, Wiki Commons Previous articleQuik․com Offers Registry of ․metaverse ․web3 and 8 Other NFT Domain TLDs Next articleBitcoin, Ethereum Technical Analysis: BTC Moves Lower as Prices Fail to Break Out of Key Resistance Level Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article. Read disclaimerShow comments More Popular NewsIn Case You Missed ItOman to Incorporate Real Estate Tokenization in Virtual Assets Regulatory Framework


Real estate tokenization is set to be incorporated into Oman Capital Markets Authority (OCMA)"s virtual asset regulatory framework. According to an advisor with the authority, the tokenizing of real estate will open investment opportunities for local and foreign investors. Real ... read more.Following a Brief Fee Spike, Gas Prices to Move Ethereum Drop 76% in 12 Days Fed"s Bullard Wants to Raise Bank Rate to 3.5% by Year"s End, Hints at 75 Basis Point Rate Hike Interest in Real Estate Investments in Spain Grew 400%, With Some Using Crypto and Stocks as Payment Method Economist Predicts the Fed"s Response to Inflation Will Push Crypto Higher