Pulse Detail — Threat Intelligence

PULSE NAME

Crypto malware in patched wallets targeting Android and iOS devices | WeLiveSecurity

WHITE mohdrennis 2022-03-25 Modified: 2022-04-24

190

IOCs

HIGH VOLUME

ESET Research has uncovered a sophisticated scheme that distributes trojanized Android and iOS apps posing as cryptocurrency wallets, which it believes could be used to steal users’ funds. and is mainly targeting Chinese users.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1036 T1496 T1055 T1553 T1566 T1106 T1113 T1417 T1437 T1444 T1475 T1478

Indicators of Compromise (52 / 190 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
domain	2022mask.com	—	2022-03-25
domain	725378.com	—	2022-03-25
domain	80rd.com	—	2022-03-25
domain	app-coinbase.co	—	2022-03-25
domain	ariodjs.xyz	—	2022-03-25
domain	bitepie.club	—	2022-03-25
domain	bitoken.com.cn	—	2022-03-25
domain	bitpiecn.com.cn	—	2022-03-25
domain	bitpio.com	—	2022-03-25
domain	czbsugjk.xyz	—	2022-03-25
domain	im-token.one	—	2022-03-25
domain	im-tokens.info	—	2022-03-25
domain	imbbq.co	—	2022-03-25
domain	imtken.cn	—	2022-03-25
domain	imtoken.net.im	—	2022-03-25
domain	imtoken.porn	—	2022-03-25
domain	imtoken.sx	—	2022-03-25
domain	imtoken.tg	—	2022-03-25
domain	imtokenep.com	—	2022-03-25
domain	imtokens.money	—	2022-03-25
domain	imttoken.org	—	2022-03-25
domain	intelsofa.com	—	2022-03-25
domain	jabirs-xso-xxx-wallet.com	—	2022-03-25
domain	jaxx.su	—	2022-03-25
domain	jaxx.tf	—	2022-03-25
domain	jaxxwalletinc.live	—	2022-03-25
domain	jdzpfw.com	—	2022-03-25
domain	lmtokenn.cc	—	2022-03-25
domain	lntokems.club	—	2022-03-25
domain	master-consultas.com	—	2022-03-25
domain	matemasks.date	—	2022-03-25
domain	metamadk.com	—	2022-03-25
domain	metamask-wallet.xyz	—	2022-03-25
domain	metamask.hk	—	2022-03-25
domain	metamaskey.com	—	2022-03-25
domain	metamaskio.vip	—	2022-03-25
domain	metamasks.me	—	2022-03-25
domain	metemas.me	—	2022-03-25
domain	metemasks.live	—	2022-03-25
domain	mtokens.im	—	2022-03-25
domain	onekeys.dev	—	2022-03-25
domain	onekeys.mobi	—	2022-03-25
domain	saaditrezxie.store	—	2022-03-25
domain	token-lon.me	—	2022-03-25
domain	token2.club	—	2022-03-25
domain	tokenp0cket.com	—	2022-03-25
domain	tokenpockets.buzz	—	2022-03-25
domain	tokenpockets.org	—	2022-03-25
domain	tokenweb.online	—	2022-03-25
domain	xdhbj.com	—	2022-03-25
domain	yanggan.net	—	2022-03-25
domain	zh-imtoken.com	—	2022-03-25

References (1)

↗ https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/