In the days that run, mobile phone applications have become an indispensable part of our routine. Since communicating with friends, following news or even managing finances, many trust these platforms for almost everything. However, this confidence can be explored by digital criminals who create false versions of popular applications, designed to deceive and steal personal data.
According to Executive Digest, a site specializing in finishes and economics, the ease with which we install new apps, coupled with the desire to always be up to date on social networks, can turn the mobile phone into a vulnerable target. These false applications often hide behind the identical interfaces to the original, and once installed can access sensitive information without the user noticing.
It is in this context that a new warning arises for users, especially those who use Tiktok. This widely popular social network worldwide is being used as a disguise for malware that aims to steal photographs and personal data, as well as compromising access to cryptocurrency digital wallets.
Application seems true, but it is false
This application mimics Tiktok, but hides a malicious program called Sparkled. When installed, it begins to access the photographs stored on the mobile phone and send these images to strikers controlled servers.
This type of program is known as malware, ie software created to cause damage or steal data. In addition to photographs, malware also tries to find used phrases or keywords to access cryptocurrency digital wallets, where users keep virtual money.
Risk for iOS and Android
In the case of iPhones, malware is presented with the name 币 coin and pretends to be an application related to cryptocurrencies. It is discharged through false pages that mimic the appearance of the official App Store. These pages use legitimate tools to deceive users and install the program.
In Android mobile phones, the scheme is similar. Malware spreads through installation files (APK) discharged from unofficial websites.
In some cases, it even appeared in the Google Play store. One of these applications is called SOEX, which represents a false coin shifting service service, which has been discharged thousands of times.
The threat: steal recovery phrases
The main objective of this attack is to find images that contain recovery phrases. These phrases act as keys that allow you to access and control cryptocurrency wallets. Those who have access to these phrases can easily steal all the digital money that is stored there.
This method makes the attack discreet and effective because many users hold screen captures with these phrases on their mobile phone without realizing the risk.
How to protect your data and finances
According to the, a warning to Google and Apple has already been made to remove malicious applications detected.
The company recommends that users avoid unloading applications from external websites and be careful with apps that promise fast financial gains or cryptocurrency services.
A simple installation can undermine your data and finances. It is important to keep your mobile phone up to date, use only official stores and be aware of applications that ask for permissions unusual.
Also read:
