CertiK Outlines Mobile Blockchain Security Threats and Countermeasures

Blockchain technology is rapidly moving beyond traditional platforms and onto mobile devices, an area that CertiK, a blockchain security firm, regards as a “frontier of innovation.” The transition is not without challenges, however: mobile platforms carry a legacy of security problems that threaten the smooth operation of blockchain technologies on these devices. On 31st October 2023, CertiK published a series of tweets laying out the threats in the mobile blockchain ecosystem alongside the corresponding safeguards.

The first in the series of tweets outlined the threat posed by malware and ransomware. Such malicious software targets cryptocurrency wallets on mobile devices to either siphon off funds or encrypt data, demanding a ransom for decryption. CertiK advised maintaining a pristine device environment by employing reputable security solutions to ward off such threats.

The subsequent tweet highlighted the risks associated with insecure wallet applications. These deceptive or unsecured apps available on app stores pose significant risks to digital assets. Users are cautioned against downloading such applications and are advised to opt for secure and reputable wallet apps to mitigate risks to their digital assets.

CertiK’s discourse progressed to SIM swapping, a technique employed by attackers to hijack phone numbers, gaining control over authentication codes and accounts. To counter this, the blockchain security firm advocates the employment of multi-factor authentication, which adds an extra layer of security, making it arduous for attackers to gain unauthorized access.

One SIM-swapping-related security concern is illustrated by a recent update to Google’s Authenticator app, which underscores the complex interplay between convenience and security in the digital realm. The update, which now stores a “one-time code” in cloud storage, is perceived by some as a double-edged sword in the battle against cyber threats like SIM swapping. While it is aimed at preventing users from being locked out of their two-factor authentication (2FA) systems, critics argue that the cloud storage approach could provide a loophole for cybercriminals. SIM swapping, a prevalent technique among identity thieves, involves tricking telecom operators into reassigning a victim’s phone number to a new SIM card owned by the attacker. This tactic can give criminals access to a plethora of sensitive information and control over 2FA codes sent via SMS, posing a significant risk to users. With the new update, if a hacker were to crack the user’s Google password, the ostensibly secure Authenticator app could become a gateway to multiple authenticator-linked applications. Hence, despite its convenience, the cloud storage feature may inadvertently heighten the risks associated with SIM swapping and other cyber-attacks, underscoring the need for users to explore additional security measures.

Engagement with third-party services was identified as another security threat. Such interactions could expose users to additional security risks. CertiK urged exercising caution and patronizing trusted platforms to minimize the risks of interacting with third-party services.

The firm shed light on the vulnerabilities inherent in mobile operating systems that could potentially compromise blockchain security on mobile devices. Ensuring the operating system is updated to patch existing vulnerabilities was recommended as a countermeasure to this threat.

Lastly, CertiK pointed out network vulnerabilities, especially when devices are connected to insecure Wi-Fi networks and public hotspots. Such connections could expose mobile devices to potential threats. Steering clear of insecure networks and public hotspots, or employing secure Virtual Private Networks (VPNs), was proposed as a safeguard against network vulnerabilities.


New Malware Emerges That Targets Coinbase Wallet, MetaMask and Other Crypto Extensions: Report

A new type of malware has surfaced that can compromise crypto wallets and extensions, putting investors at risk of hacks.

According to a new blog post by network security expert 3xp0rt, a piece of malware known as Mars Stealer – an improved version of information bootlegger Oski Stealer – has emerged to prey on web browsers, crypto extensions and crypto wallets.

Some of the popular web browsers the malware affects are Internet Explorer, Firefox, Microsoft Edge and Thunderbird.

It also preys on crypto extensions such as MetaMask, TronLink, Binance Chain Wallet and Coinbase Wallet while also targeting wallets such as Bitcoin Core and its derivatives. Wallets under MultiDoge and Ethereum could also potentially be affected.

However, 3xp0rt notes that the malware only targets crypto extensions on Chromium-based browsers other than Opera.

The cybersecurity expert says that Mars Stealer operates by getting a handle of a computer’s internal library files to conduct a complex series of technical coding reconfigurations to do its bidding.

To steal a user’s wallet information, the malware targets sensitive data stored in the wallet.dat file. The file contains information such as the address and private key access data, according to the internet security expert. The malware also has a built-in grabber, loader, and self-removal feature.

“Mars Stealer is an improved version of Oski Stealer. [It] has added [functionality]: anti-debug check, crypto extension stealing, but Outlook stealing is missing. The code has been refactored, but some algorithm remained stupid as in Oski Stealer.”


Hodlers beware! New malware targets MetaMask and 40 other crypto wallets

Security was never the strong suit of browser-based crypto wallets to store Bitcoin (BTC), Ether (ETH) and other cryptocurrencies. However, new malware makes the safety of online wallets even more complicated by directly targeting crypto wallets that work as browser extensions such as MetaMask, Binance Chain Wallet or Coinbase Wallet.

Named Mars Stealer by its developers, the new malware is a powerful upgrade on the information-stealing Oski trojan of 2019, according to security researcher 3xp0rt. It targets more than 40 browser-based crypto wallets, along with popular two-factor authentication (2FA) extensions, with a grabber function that steals users’ private keys.

MetaMask, Nifty Wallet, Coinbase Wallet, MEW CX, Ronin Wallet, Binance Chain Wallet and TronLink are listed as the targeted wallets. The security expert notes that the malware can target extensions on Chromium-based browsers except Opera. Sadly, it means some of the most common browsers like Google Chrome, Microsoft Edge and Brave made it to the list. Also, while they are safe from extension-specific attacks, Firefox and Opera are also vulnerable to credential-hijacking.

Mars Stealer can be spread through various channels like file-hosting websites, torrent clients and any other shady downloaders. After infecting a system, the first thing the malware does is check the device language. If it matches the language ID of Kazakhstan, Uzbekistan, Azerbaijan, Belarus or Russia, the software leaves the system without any malicious action.

For the rest of the world, the malware targets a file that holds sensitive information like crypto wallets’ address info and private keys. Once the theft is complete, it leaves the system, deleting any trace of its presence.

Hackers are currently selling Mars Stealer for $140 on dark web forums, meaning the barrier to access the trojan is relatively low for malicious actors. Users who hold their crypto assets on browser-based wallets or use browser extensions like Authy to utilize 2FA are warned to be cautious against clicking dubious links or downloads.