en.cryptonomist.ch
With the advent of the new update for the Cardano (ADA) network known as Shelley, the community also needs to update to new software and wallets in order to be able to interact without problems. This has turned out to be a great opportunity for criminals to create scam websites that are identical to the originals. Such is the case with the scam website which is exactly the same as that of the Yoroi wallet.
The website in question is almost identical to the original, even though the domain is different. But not everyone can notice this subtlety, and for this reason, many run the risk of falling victim to unpleasant surprises.
In this particular case, the scam website, (yoroi-shelley-wallet, created on 25-06-2020) differs only in the domain name from the original (created on 25-07-2018), and is extremely similar. Within the pages, there are already some suspicious things that are not present in the original.
The Yoroi scam website
In this scam site there are 3 completely foreign and very dangerous elements:
- The link to download an iOS app;
- The link to download an app for Android;
- A button to request ITN rewards.
It’s quite impressive how the apps seem to be really made by the Cardano team, especially in the Apple store which shows the name of the developer being EMURGO Co., Ltd, which is of course true and therefore makes it more believable, whereas when clicking on the Play Store button, we can directly download the apk file without being directed to the Google store.
When analyzing the apk files we can see how there are some suspicious images and one in particular “qr.png” which, when examined, redirects to a Cardano address, owned by the criminal. This means that if the unfortunate person were to use that QR code, they would send the funds directly to the criminal.
Moreover, the malicious application would also recover the credentials of the wallet in case we wanted to import one of our own.
But even more dangerous is what would happen by clicking on the ITN rewards button. In this case, the users are shown a window in which they must enter their recovery phrase, giving the criminal the key to steal all the funds:
To conclude, the website is completely identical to the original, and even the various social accounts the scam website has on it are the original ones. A poor verification would trick the user into thinking that everything is legit and they would download the software, or worse, they would enter their recovery phrase.
Please remember that these types of attacks are really sneaky. Never enter your private or seed keys into suspicious platforms. It’s always better to ask the official accounts to confirm the data reported inside the websites, since, as we have seen, they replicate the originals almost flawlessly.