Attackers have come up with a way to track user input through malicious applications in the App Store
Cybercriminals came up with a scheme to steal user data using the WKWebView component in the iOS operating system. This was announced on Twitter by analysts at SlowMist. Malware that can steal data has already appeared in the Chinese division of the App Store marketplace.
According to a complaint from one of the victims, attackers learned to use WKWebView (a component that lets an application open web pages inside itself) to forge Apple's authorization form. The form asks victims to enter an email and password. Having obtained this confidential data, attackers add their devices to the list of home devices in order to make purchases from the victim's device.
Also, with the help of stolen data, fraudsters forge the victim's number in order to circumvent the restrictions of two-factor authentication. According to SlowMist, the scheme endangers all users who use iCloud cloud storage to log in to crypto wallets. The scale of the scheme remains unclear.
iOS security exploits via WebView have been used before. For example, back in 2014, a similar data-interception scheme was identified by Craig Hockenberry, one of the developers of the Twitter client for iOS. In 2016, IT security experts found that attackers could make unauthorized calls from the victim's device through WebView. A single line of HTML code was enough for cybercriminals to carry out that attack.
At the end of June, the editors wrote about a fake copy of the Trezor Wallet mobile application appearing in the App Store. At that point, the fake clone had made it to the top of search results for users from the US and the UK. The application remained in the marketplace for several weeks, and it is unclear what data could have fallen into the hands of attackers. At the time of writing, App Store moderation has removed the fake copy of the app.