Members of the Zcash (ZEC) community have discovered a suspicious and potentially malicious counterfeit version of Zcash Foundation’s native ZecWallet.
According to a Twitter post published on Oct. 20 and retweeted by Zcash developer Electric Coin Company, the fake ZecWallet likely contains malware. The tweet reads:
“PSA to all Zcash users! There is a fake version of ZecWallet that likely contains malware (size and checksum is different) double check you are downloading from official @zecwallet repo on GitHub: https://github.com/ZcashFoundation/zecwallet”
As Cointelegraph reported on Sept. 29, a bug was found in all Zcash implementations and most of its forks that could leak metadata containing the full nodes’ with shielded addresses IPs.
Targeting users in Russia, the fake Tor Browser was distributed via two websites and has been stealing crypto from darknet shoppers by swapping the original crypto addresses since 2017.
Earlier in October, ESET also flagged another form of malware stealing crypto from users. Called “Casbaneiro” or “Metamorfo,” the banking trojan targeted banks and crypto services located in Brazil and Mexico and has allegedly stolen 1.2 BTC at the time.