Hackers are obtaining data and private keys from unsuspecting users through a tactic known as typosquatting, which means registering domain names that closely resemble those of legitimate brands and companies, according to a report released by Cyble.
Hackers have set up a network of malware-laden domains that profit from the typing errors users make when trying to reach a specific website. These domains imitate well-known companies and applications, such as the Google Play Store, APKPure, and APKCombo, among others, according to a report from Cyble, a cyber security and digital risk assessment company.
Visitors to these websites are prompted to download an infected copy of the app they were looking for, and installing it infects the device. A variant of ERMAC, a malware trojan that gives threat actors access to a wide range of sensitive data on the targeted device, including private keys, is then installed on the device, whether it is an Android phone or a Windows PC.
The banking trojan was first identified in 2021. It now targets more than 460 applications and is offered to attackers for $5,000 per month.
Although that analysis found evidence of only a small number of apps and companies being imitated, further research by another security source revealed that at least 27 brands and app names are targeted by this type of attack. TikTok, Vidmate, Snapchat, PayPal, and even more developer-focused applications like Notepad++ and the Tor Browser are among them.
The list also includes websites for cryptocurrency wallets, mining, and related topics, including TronLink, MetaMask, Phantom, Cosmos Wallet, and Ethermine. To increase the reach and harm of the attack, many typosquatted domains have been set up for each of these impersonated names.
To guard against this kind of attack, Cyble offers a number of suggestions, such as installing a reliable antivirus program on your phone and computer and routinely checking your wallets and bank accounts. The best recommendation is to use a search engine to find the websites of software and apps rather than relying on blog instructions or links that are part of marketing campaigns.
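For defenders who want to screen domains seen in proxy or DNS logs for the look-alike names described above, here is an added example (not taken from Cyble's report) that flags labels within one typing error of a protected brand. The brand names come from the article; the allowlist, the digit-swap mapping, and the `.example` sample domains are assumptions constructed for illustration.

```python
# Brand names taken from the article; the allowlist is an assumption a defender maintains.
BRANDS = ["metamask", "tronlink", "phantom", "ethermine", "paypal", "snapchat", "tiktok"]
OFFICIAL = {"paypal.com", "metamask.io"}
# Digit-for-letter swaps often seen in look-alike names (assumed mapping).
LOOKALIKES = str.maketrans("0135", "oles")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            rows[i][j] = min(rows[i - 1][j] + 1,         # deletion
                             rows[i][j - 1] + 1,         # insertion
                             rows[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)  # swapped pair
    return rows[len(a)][len(b)]

def classify(domain, official=OFFICIAL, max_distance=1):
    """Return (verdict, brand): 'official', 'suspect' or 'unrelated'."""
    domain = domain.lower().rstrip(".")
    if domain in official:
        return ("official", None)
    # Check every label except the TLD, so "www.brand-app.tld" is also caught.
    for label in domain.split(".")[:-1]:
        normalized = label.replace("-", "").translate(LOOKALIKES)
        for brand in BRANDS:
            if brand in normalized or osa_distance(normalized, brand) <= max_distance:
                return ("suspect", brand)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample domains on the reserved .example TLD.
    for d in ["paypal.com", "metamsk.example", "paypa1.example",
              "tronlnik.example", "www.snapchat-app.example", "weather.example"]:
        print(d, classify(d))
```

A "suspect" verdict is a triage signal for review or blocking, not proof of malware; short brand names need a stricter threshold to avoid false positives.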