Backdoored versions of Android Web3 wallets are being distributed by cybercriminals based in China, to steal users’ seed phrases.
Confiant, a digital advertising security business, studied this previously undisclosed campaign and dubbed it SeaFlower. One of the most technically advanced threats targeting users of Web3 wallets has been described as this action. Hackers have reportedly attacked Android versions of Coinbase Wallet, MetaMask Wallet, TokenPocket, and imToken, according to Confiant.
These programmes have not been hacked by the attackers. Instead, they’ve developed backdoored versions of the wallet that preserve the wallet’s genuine functionality while also stealing the user’s seed phrase, which can then be used to take the victim’s money.