• Hackers steal crypto by altering wallet addresses on malware-infected Android phones.
• According to Kaspersky, hackers transferred at least $270,000 in stolen cryptocurrency, affecting over 2,600 victims.

Cybersecurity company Kaspersky has discovered a new cyber threat that targets the users of cryptocurrencies. The hackers are selling fake Android phones loaded with malware to steal digital currencies. Kaspersky estimates that this high-end attack has already targeted thousands of users across the globe.

Hackers have hacked the Triada trojan malware and inserted it into such Android phones before they even land in the hands of customers. The malware intercepts user information and crypto transactions, which makes it a very risky threat. Sellers offer most of these infected phones at very low prices, and people buy them unaware of the subtle threats.

Kaspersky reports that malware has already infected over 2,600 users, with most victims in Russia. Cybersecurity experts, however, believe that the number of infected users may be much greater. The malware works quietly and is hard to detect. It can stay hidden in the device for a long time.

Kaspersky Expert Warns About the New Triada Malware

Dmitry Kalinin, Kaspersky’s cybersecurity expert, has pointed to the gravity of this attack and indicated that the Triada trojan has long been a danger to Android systems. This version is especially worrying because it is built directly into the firmware of the devices. Unlike typical malware, which software updates or security patches can erase, this malware integrates into the system. This integration makes it practically impossible to remove.

Kalinin believes that the supply chain has been breached, meaning sellers and buyers remain unaware of the infection in these devices until they enter the market. This is problematic regarding the honesty of some smartphone manufacturers or third-party sellers who are distributing these infected devices.

How this malware works is especially disconcerting. Once installed, it exchanges cryptocurrency wallet addresses when transactions are initiated, effectively sending money into hacker-controlled wallets. Kalinin revealed that the hackers have already laundered at least $270,000 worth of stolen cryptocurrency, but he believes the actual amount is likely much higher. One of their most prized targets is Monero, a privacy-centric cryptocurrency that is hard to track.

Kaspersky highly recommends that users are very careful when buying smartphones, only buying them from official dealers and well-known brands. The company also advises other security habits in order to protect their online assets.

Users need to regularly update their software, install trusted security software, and double-check wallet addresses before they approve cryptocurrency transactions. Since the malware operates by exchanging wallet addresses, manually verifying addresses before sending money can help prevent loss.

A final important step is avoiding the download of malicious apps or granting unwanted permissions to apps. Some malware attacks begin when users are not aware of sharing sensitive data from their apps by providing access rights to apps in their devices that hackers exploit against them.

With the expanding world of cryptocurrency, cybercrooks are inventing new and more advanced ways of taking advantage of users. This latest malware attack is an eye-opener for crypto investors to be careful and adopt stringent security protocols.

Kaspersky urges users of cryptocurrencies to keep themselves informed about new threats and take the initiative to protect their money. The firm explains that securing the crypto market involves not only protecting crypto but also ensuring the security of the devices used for transactions.

Since hackers are continuously improving their methods, cryptocurrency users have to be one step ahead in a bid to protect their investments. By keeping up with security best practices and being careful where they buy their gadgets, users can minimize the chances of falling victim to such high-tech cyberattacks.