Hackers have created a chain of malware-distributing domains that profit from the typing errors users make when trying to reach a specific website. These domains imitate well-known companies and applications, such as the Google Play Store, APKPure, and APKCombo, among others, according to a report from Cyble, a cyber security and digital risk assessment company.
Visitors to these websites are prompted to download an infected copy of the app they were looking for. Installing it deploys a variant of ERMAC, a malware trojan that gives threat actors access to a wide range of sensitive private data on the targeted device, including private keys, whether the device is an Android phone or a Windows PC.
Although the cited report found evidence of only a small number of apps and brands being imitated, further research by another security source revealed that at least 27 companies and app names are targeted by this type of attack. Among them are TikTok, Vidmate, Snapchat, PayPal, and more developer-focused applications like Notepad++ and the Tor Browser.
Since it was first identified in 2021, the banking trojan has expanded to target more than 460 applications, and it is offered to attackers for $5,000 per month.
The list also includes websites for cryptocurrency wallets, mining, and related services, among them TronLink, MetaMask, Phantom, Cosmos Wallet, and Ethermine. To maximise the impact and harm of the attack, many lookalike domains have been registered for each imitated name.
To prevent this kind of attack, Cyble offers a number of suggestions, such as installing a reliable antivirus programme on your phone and computer and routinely checking your wallets and bank accounts. The best recommendation is to use a search engine to find the websites of software and apps rather than relying on blog instructions or links that are part of marketing activities.
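
On the defensive side, a web proxy or mail filter can flag hostnames that sit one or two edits away from an official domain without matching it. The following is an added example, not code from Cyble or from this article; the `OFFICIAL` allowlist, the function names, and the sample hostnames are assumptions made for illustration.

```python
# Added example: flag hostnames within a small edit distance of a protected
# domain that do not actually belong to it (typosquat candidates).

# Assumption: a locally maintained allowlist of official domains for some of
# the brands named in the article. It is not taken from the report.
OFFICIAL = ("play.google.com", "apkpure.com", "apkcombo.com",
            "paypal.com", "metamask.io", "torproject.org")


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution
    and transposition of adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[-1][-1]


def classify(host: str, max_dist: int = 2):
    """Return ("official", dom), ("lookalike", dom) or ("unknown", None)."""
    host = host.strip().lower().rstrip(".")
    for dom in OFFICIAL:
        # Exact match or a genuine subdomain of an official domain.
        if host == dom or host.endswith("." + dom):
            return ("official", dom)
    labels = host.split(".")
    # Compare the host and each parent suffix (the bare TLD is excluded), so a
    # "www." prefix on a typo domain does not hide the resemblance.
    suffixes = [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]
    dist, dom = min((osa_distance(s, o), o) for s in suffixes for o in OFFICIAL)
    return ("lookalike", dom) if dist <= max_dist else ("unknown", None)


if __name__ == "__main__":
    # Constructed sample hostnames, not indicators from the report.
    for h in ("www.paypal.com", "www.paypa1.com", "metamsak.io", "example.org"):
        print(h, classify(h))
```

Edit distance only catches character-level typos; a hostname that embeds a brand as a subdomain of an unrelated domain needs a separate check against the registered domain.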