According to a report by BleepingComputer, in March 2022 researchers at Confiant uncovered an operation that uses trojanized mobile cryptocurrency wallet applications to “intercept the pass phrase” (the wallet’s seed phrase) and so gain access to the user’s assets. The malicious applications look and behave like the real ones and successfully impersonate large cryptocurrency wallet applications such as Coinbase, TokenPocket, imToken, and MetaMask. Confiant calls the operation “SeaFlower” and has described it as “the most technically sophisticated threat targeting web3 users, right after the infamous Lazarus Group.”
To win the user’s trust and get the malicious application onto the device, the SeaFlower operation builds exact copies of the legitimate websites the real applications are downloaded from, then uses SEO poisoning so that these clone sites rank in search results and draw users into downloading the backdoored builds. Once the application is installed, the backdoor sends the captured seed phrase in POST requests to attacker-controlled domains that impersonate the vendors’ real domains, giving the threat actor access to the user’s funds. BleepingComputer’s report covers the campaign in more detail.
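One place a defender can catch this behaviour is at the network edge: a backdoored wallet build has to POST the seed phrase somewhere, and in SeaFlower that somewhere is a domain dressed up to look like the vendor’s. The check below is an added example, not code from Confiant, BleepingComputer or Eclypses. It scans constructed proxy-log lines for POST requests to hosts that impersonate a wallet vendor (embedding the real domain, containing the brand name, or sitting within two edits of the real second-level label). The allowlist of legitimate domains is an assumption for the demo and must be verified against each vendor before use, and the lookalike hosts use the reserved `.example` TLD.

```python
"""Flag POST requests from a wallet app to lookalikes of the vendor's domain.

Added example, not the page's or any vendor's code.  Log lines are constructed;
the LEGIT_DOMAINS allowlist is an assumption to verify before deployment.
"""
from urllib.parse import urlsplit

# Assumed legitimate domains for the wallets named in the SeaFlower report.
LEGIT_DOMAINS = {"metamask.io", "coinbase.com", "token.im", "tokenpocket.pro"}
BRANDS = {"metamask", "coinbase", "imtoken", "tokenpocket"}

# Constructed proxy log: "<method> <url> <bytes_out>".  Lookalike hosts use
# the reserved .example TLD so no real domain is named.
SAMPLE_LOG = """\
POST https://metamask.io/api/v1/telemetry 412
POST https://api.coinbase.com/v2/user 980
GET https://token.im/ 0
POST https://cdn.example/assets/bundle.js 88
POST https://metamask-wallet-sync.example/api/phrase 1533
POST https://coinbase.com.secure-login.example/submit 1204
POST https://tokenpocket.pro.example/recover 1410
POST https://coinbsae.example/wallet/import 1322
"""


def levenshtein(a, b):
    """Edit distance, used to catch typosquats of the vendor's label."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_legit(host):
    """True only for the allowlisted domain itself or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def lookalike_reason(host):
    """Return why host impersonates a wallet vendor, or None if it does not."""
    host = host.lower()
    if is_legit(host):
        return None
    for d in sorted(LEGIT_DOMAINS):
        if d in host:  # real domain embedded as a subdomain or prefix
            return f"embeds legitimate domain {d}"
    flat = host.replace("-", "").replace("_", "")
    for b in sorted(BRANDS):
        if b in flat:  # brand name padded with dashes or extra words
            return f"contains brand name {b}"
    sld = host.split(".")[-2] if "." in host else host
    for d in sorted(LEGIT_DOMAINS):
        if levenshtein(sld, d.split(".")[0]) <= 2:  # transposed/altered letters
            return f"typosquat of {d}"
    return None


def find_exfil(log_text):
    """Return (host, reason, bytes_out) for every POST to a lookalike host."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] != "POST":
            continue
        host = urlsplit(parts[1]).hostname or ""
        reason = lookalike_reason(host)
        if reason:
            findings.append((host, reason, int(parts[2])))
    return findings


if __name__ == "__main__":
    for host, reason, size in find_exfil(SAMPLE_LOG):
        print(f"ALERT POST to {host} ({size} bytes): {reason}")
```

The size column is kept only for context: a seed phrase is a few dozen bytes, so a byte threshold would miss exactly the request that matters, which is why the rule keys on the destination rather than the payload. In production the second-level-label extraction should use the public suffix list rather than the last two labels.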
What is their proposed fix?
Measured against the classic security best practices, the only defence against this form of attack is to download applications solely from a trusted source such as the official website or the app store. That advice is weaker than it sounds here: SeaFlower’s clone sites are copies of the official ones and are pushed into search results by SEO poisoning, so even the most careful users can be taken in by these sophisticated disguises. The only way to be fully protected against these malicious applications is to put preventative security measures in place that protect the data itself from end to end, leaving no opening for the threat actor to exploit.
How could Eclypses MTE Technology solve this problem?
“I have no doubt that Coinbase was using best practices when they designed the app,” says Joe Jeanjaquet, Senior Director of Applied Technologies at Eclypses. “The trouble, however, is that modern best practices aren’t good enough anymore. When the bad guys are able to trick your app to send data to the wrong location, you’ll be glad that the data was already secured with Eclypses MTE.”
Eclypses’ MTE Technology was named “Best Cyber-Security Solution” in the Financial Technology Forum (FTF) News’ Technology Innovation Awards for providing the highest level of cyber-security to financial applications and websites. This application-level technology is designed to secure application data before it reaches the operating system, the network, or the transport layer. Its patented use of FIPS 140-3 validated cryptographic modules lets businesses keep control of their application data without relying on systems they neither control nor can trust. MTE also includes endpoint verification, key management, and protection against most man-in-the-middle attacks, so that a bad actor cannot recover the data even when a backdoored application sends it to the wrong destination.
Interested in learning more, or in seeing this demonstrated in our test environment? Reach out to our team today.