What does it mean by “transactions not requiring verification” ? This is crazy, and as normal user or non technical person I’m not sure how to keep my funds secure if there are trojans like these which are able to extract the transactions just like that?
Wow, they are actually developing good trojans but it seems Wallet or App makers are not really making any progress with the security huh?
So how does it work, developers focus more on security breaching viruses rather than getting well paid jobs on the other side ?
The application is hijacked probably hacker had replaced the original file, so instead of downloading the official application, users downloaded the malwared version giving the hacker full control of the downloaded wallet's operation.
The file name was hijacked and a replica made out of the original. It's hard not to see loopholes on wallet apps, since it could be managed by greedy people; a person can betray the team and offer the main file name to the hackers.
I don't know where users download the virus-infected hijacked APK from?
If you aren't careful or trust random people on the internet, there are many ways to get infected and phished. Ask about good wallets or exchanges in crypto-related social media channels and groups and you will be bombarded with scam attempts and fake investment opportunities. Many people unfortunately don't realize how dangerous it is to trust such sources. Google isn't helping either with their negligence and willingness to advertise scams on top of search results if you pay them.
At first google was wary about cryptocurrency related adwords on their search engine, but such ads are now allowed, which is quite risky for users. Besides, most of these hackers and malicious app owners have authority websites that promotes their links too, which lure people to download their apps on app stores other than google play store. Moreover, android phones like huawei has its app store which seems to be less secured regarding the need of certificates before installing apps. On the other hand, some people are careless about all these requirements, and go ahead to confirm that they trust the app.
However, since the current attacks result from users getting scammed by trojanized APKs, it’s unlikely that there will be any refunds.
so since this is as a result of a careless company and uninformed users it's wrong to say that the affected users should be neglected with no refunds, it is suspicious.
Considering that the Company has taken this step to inform users about the hijack, what are their plans of stopping such a continuous attack on affected users, as the news may not get to everybody? The internet is not a place for the less informed, truly. Especially, on the cryptocurrency niche, a group of developers can conjoin and build a project, promote it, gain customers and feel reluctant about their safety. Exposing them to the wild world of hackers.