First, hackers impersonate reputable companies and send emails telling users that the current version of their cryptocurrency wallet app is outdated, or that the wallet has problems and needs to be updated. The email contains a malicious link that takes users to the fake app's website. In this way, the bad guys can bypass the app review systems of the App Store and Google Play.
To fool users, the fake websites copy the entire logo and interface of the real website and change the domain name by only 1-2 characters. The impersonated apps include imToken, Bitpie, MetaMask, Trust Wallet, TokenPocket...
In addition, bad guys often spread malicious links on social networking platforms, promising to give away cryptocurrency to those who download the app in order to trap many people.
Real digital wallet website (left) and fake website
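The 1-2 character domain change described above can be caught by comparing a link's host against a list of genuine wallet domains. The following is an added example, not code from the article or from Trend Micro; the OFFICIAL list and the sample hosts are assumptions made for illustration.

```python
# Added example, not from the article: flag hosts within 1-2 edits of a wallet domain.
# OFFICIAL is an assumed allow-list; confirm each entry with the vendor before use.
OFFICIAL = ["metamask.io", "trustwallet.com", "token.im", "bitpie.com", "tokenpocket.pro"]


def edit_distance(a, b):
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(host):
    """Lower-case the host and drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(host, max_edits=2):
    """Return (verdict, matched_official_domain_or_None)."""
    h = normalize(host)
    for d in OFFICIAL:
        if h == d or h.endswith("." + d):      # exact match or genuine subdomain
            return ("official", d)
    dist, best = min((edit_distance(h, d), d) for d in OFFICIAL)
    if dist <= max_edits:                      # 1-2 characters off a real domain
        return ("lookalike", best)
    return ("unrelated", None)


# Constructed sample hosts for illustration, not indicators from the article.
SAMPLES = ["www.MetaMask.io", "metamaskk.io", "trustwa1let.com", "example.org"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, classify(s))
```

The comparison runs on the whole host name, so visually similar Unicode characters and brand names embedded in longer hosts need separate checks.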
The hacker's main goal is to steal the digital wallet's mnemonic phrase. This is a string of unrelated words, 12-14 characters long, used to restore the wallet in case of loss or malfunction.
Once the mnemonic phrase is obtained, the hacker will withdraw the victim's money and transfer it to many different wallets. The Trend Micro research team emphasized that the amount of money the hacker has dispersed could be more than 4.3 million USD because there are many cases that have not been discovered.
In addition, the scammers also sell the management systems of cryptocurrency apps and malicious websites on Telegram. They even claim to be able to provide fake versions of all cryptocurrency wallet apps according to the buyer's requirements.
To avoid falling victim to this scam, users should only download apps from Google Play and the App Store. If they notice any suspicious behavior in the app, they should stop updating immediately and uninstall it.