Amid a rise in phishing attacks, the security agency Confiant has reported on fake applications that imitate the MetaMask and Coinbase Wallet wallets to steal users’ seed phrases.
Confiant experts warned cryptocurrency holders about a new type of cyberattack affecting users of popular Web3 wallets such as MetaMask and Coinbase Wallet. Confiant described the “Seaflower” malware cluster as “one of the most sophisticated threats of this year.”
The report states that ordinary users cannot detect these fake applications because, to the user, they are no different from the original ones. Underneath, however, they have a different code base that allows hackers to steal the seed phrases of cryptocurrency wallets, giving them access to user assets.
These apps are distributed mostly outside of app stores, through links that users find in search engines. The researchers argue that the cluster is most likely of Chinese origin, based on the language of the comments in the code, the location of the infrastructure and the services used.
According to experts, links to the fake applications reach search engines thanks to skilful search engine optimization (SEO), which lets them occupy high positions in search results. The report says that the sophistication of these applications lies in how the code and the operation of this malicious system are hidden.
Last week, one of the creators of the NFT project Yuga Labs, known by the pseudonym GordonGoner, reported that criminals could carry out an organized hack of the project’s user accounts on social networks.