Blockchain security researchers have discovered a malicious mobile application that stole sensitive wallet data from user devices, leading to the theft of more than $1.8 million in cryptocurrency.
A fake application called BOM stole more than $1.82 million in crypto by secretly accessing users' private keys and mnemonic phrases, according to the blockchain security firms SlowMist and OKX Web3 Security. In a February 27 research report, SlowMist said the first unauthorized transactions involving the application were noticed on February 14.
On-chain analysis identified the main leak addresses, which led to the finding that BOM was in fact a scam application that lured victims into granting it access to their files. Once access was granted, the application scanned device storage, captured wallet data and sent it to a remote server.
The application requested unnecessary permissions, such as access to photos and media, which security experts called "very suspicious" behavior.
“On iOS, the application first requests permissions, deceiving users with a message stating that access is necessary for normal operation. This behavior is very suspicious – as a blockchain-related application, there is no legitimate reason to require access to the photo gallery.”
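As an added illustration of the permission red flag described above (not code from SlowMist, OKX or the article), the following triage check flags photo, media and broad storage permissions declared in the Android manifest or iOS Info.plist of an app that presents itself as a wallet; the sample manifest and plist are constructed and are not the BOM app's.

```python
"""Triage check for wallet-app packages: flag photo/media/storage permission
requests that a blockchain wallet has no legitimate need for.
Added illustration; not code from SlowMist or OKX. The sample manifest and
plist below are constructed and are not taken from the BOM app."""
import plistlib
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions that grant broad read access to user files or media.
ANDROID_SUSPECT = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.MANAGE_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
    "android.permission.READ_MEDIA_VIDEO",
}
# iOS Info.plist usage-description keys that unlock the photo library.
IOS_SUSPECT = {
    "NSPhotoLibraryUsageDescription",
    "NSPhotoLibraryAddUsageDescription",
}

def android_flags(manifest_xml: str) -> list:
    """Return suspect <uses-permission> names declared in an AndroidManifest."""
    root = ET.fromstring(manifest_xml)
    names = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    return sorted(names & ANDROID_SUSPECT)

def ios_flags(info_plist: bytes) -> list:
    """Return suspect usage-description keys present in an Info.plist."""
    plist = plistlib.loads(info_plist)
    return sorted(k for k in plist if k in IOS_SUSPECT)

# Constructed samples: a "wallet" that asks for media and storage access.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallet">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>"""
SAMPLE_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.example.wallet",
    "NSPhotoLibraryUsageDescription": "Required for the app to work normally.",
})

if __name__ == "__main__":
    print("Android suspect permissions:", android_flags(SAMPLE_MANIFEST))
    print("iOS suspect usage keys:", ios_flags(SAMPLE_PLIST))
```

Any non-empty result for an app whose only stated purpose is holding keys is worth a closer look at what the app does with the files it can read.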
SlowMist tracked the stolen funds across several blockchains and believes the main attacker address (0x49add3e…) stole assets from at least 13,000 victims and moved the funds via BNB Chain, Ethereum, Polygon, Arbitrum and Base, the Coinbase chain.
The stolen crypto included Tether (USDT), Ether (ETH), Wrapped Bitcoin (WBTC) and Dogecoin (DOGE).
Although it is not clear who is behind the scheme, SlowMist analysts noted that the application's backend services were offline during the analysis, suggesting the attackers are already trying to cover their tracks. Some of the funds have been swapped on decentralized exchanges such as PancakeSwap and OKX DEX.