A New Army of Trojanized Wallets is Haunting Crypto Investors

4 min readMar 28, 2022

Cash.Tech Newsletter #22: Security researchers uncover new crop of malicious crypto wallets. How to stay protected

The sophisticated nature of cryptocurrencies and the industry’s nascent landscape makes it an attractive hunting ground for bad actors. In the past year alone, bad actors stole $14 billion by implementing various tactics that especially target new investors. The figure represented a significant 66% increase from the $7.6 billion recorded in 2020.

(Source: Chainalysis)

Interestingly, security firm ESET Research recently uncovered a new scheme used by hackers to separate crypto investors from their hard earned money. The scheme involves the circulation of malicious apps, notably those targeting Android and iOS users.

This week’s Cash.Tech Newsletter reviews the recent findings in line with our mission to help crypto investors secure their assets. Ultimately, the best way to stay protected from malicious actors is to use the user-friendly and security-optimized Cash.Tech Wallet. Before we dive into that, we’ll bring you some exciting development updates from the team.

Cash.Tech development update

The planned Merchant Protocol remains a top priority feature for Cash.Tech developers, with new milestones reached in the past week. The team has completed the development of the application programming interface (API) for the product catalog page. Additionally, the team finalized the creation of the Account Settings that allows a merchant to choose from a list of accepted cryptocurrencies, primarily including $CATE tokens.

In the coming week, the development team will work hard to complete the connection of the frontend with the API for product catalog. At the same time, the product design team will write Merchant Account Settings to change the merchant store name and display the balance for all cryptocurrencies held by the business. The full integration of these features brings the Merchant Protocol significantly closer to release.

Meanwhile, efforts are also still underway to list the latest version of the Cash.Tech app on the Apple Store. The team hopes to complete the stated development miles within the coming week and will share further relevant updates with the community as soon as they become available.

Trojanized crypto wallets spreading like wildfire

Bad actors are continuing to refine methods to siphon money from crypto investors. In research published this week, security firm ESET uncovered an ongoing sophisticated scheme spreading dozens of trojanized cryptocurrency wallet applications.

A trojanized wallet is a patched or modified version of a more popularly known wallet solution like Cash.Tech. The modified wallet offers near identical functionalities, but also contains malicious code that steals seed phrases created or inputted by users. ESET believes the work is the work of one individual attacker or criminal group, given the close way that the malicious apps mimic the functionalities of the wallets and the real wallet.

Trojanized wallets are only effective if the creators manage to distribute them. The research found some 40 fake websites impersonating original wallet developers. There are also adverts on reputable websites where users are provided with links to download the malicious wallet apps. The masterminds further set up Telegram channels and Facebook Groups, offering distributors a 50% commission from the amount stolen from any referred victim.

An installation of the malicious app on an Android device would normally be successful if the user does not have the original version of the app installed. On iOS, the victim could mistakenly have both the original and trojanized version installed on the same device, albeit the download would have to be done from a source outside the Apple Store.

Although there is no precise metric to measure the number of users possibly affected by the ongoing scheme, the proliferation of such malicious apps on Google Play Store makes it a real concern for users. ESET also found that the source files for Android and iOS devices are being distributed online for free, a situation that is likely to accelerate the spread of these trojanized wallets.

Stay protected with Cash.Tech

Having knowledge about how trojanized wallets work is the first step to staying fully protected Cash.Tech recommends that users who choose to install third-party crypto wallets only visit and download the application from official sources. During such downloads, it is also very crucial to double-check the URL address being visited on your browser. Malicious actors use highly identical website URLs and sometimes also display promotional ads on search engines like Google.

Meanwhile, the Cash.Tech Wallet is designed to shield users from potentially harmful applications and services, by flagging visits to malicious websites using the in-built dApp browser. We also highly recommend that users only download the official Cash.Tech wallet from official links.




Cash Tech is DeFi as it’s meant to be. Digital currency conversion, payments, staking, and lending. All within one app. https://t.me/cashtechchat