Members of the Zcash (ZEC) community have found a suspicious and possibly malicious fake version of the ZecWallet. A Twitter post unveiled this news on October 20, noting that the wallet likely contains malware.
Electric Coin Company, Zcash’s developer, retweeted the post, which read:
🚨⚠️ PSA to all Zcash users! There is a fake version of ZecWallet that likely contains malware (size and checksum is different) double check you are downloading from official @zecwallet repo on GitHub: https://t.co/EpMyH5iCdp @ElectricCoinCo @ZcashFoundation @zooko pic.twitter.com/N9HklOH6gn
— mine Zcash ᙇ🛡️ᙇ (@mineZcash) October 20, 2019
The tweet contained a screenshot of an announcement for the fake wallet. Per the screenshot, the creator of the wallet promised users that installing it would let them use the ZecWallet fully, including both transparent and shielded addresses. On top of this, the creator noted that the wallet would have several new features: a dark mode, translation updates and address validation, along with minor bug fixes and improvements.
However, according to the member who made this discovery, the counterfeit wallet’s creator gave the wrong address for downloading the wallet. Also, the developer used the wrong logo.
Before this, a report unveiled that a bug in all Zcash versions and most of its forks posed a critical threat. Duke Leto, the developer of Komodo (KMD), found this bug on September 27. According to him, exploitation of this bug could have leaked metadata containing the IP addresses of full nodes with shielded addresses (zaddrs).
A bug has existed for all shielded addresses since the inception of Zcash and Zcash Protocol. It is present in all Zcash source code forks. It is possible to find the IP address of full nodes who own a shielded address (zaddr). That is, Alice giving Bob a zaddr to be paid, could actually allow Bob to discover Alice’s IP address. This is drastically against the design of Zcash Protocol.
Per Leto, this vulnerability poses a threat to anyone who had published their zaddr or provided it to a third party.
This news comes after ESET, an antivirus software supplier, found a “trojanized” version of the Tor browser. Per ESET, this version sought to steal BTC from buyers on the darknet. The counterfeit browser reportedly targeted Russian crypto enthusiasts.
ESET revealed that two sites were responsible for distributing the fake browser: tor-browser[.]com and torproect[.]org. According to ESET, the browser had been stealing crypto since 2017 by swapping out the original crypto addresses of buyers.