Data leak
"Hackers clone Coinbase, MetaMask mobile wallets to steal your crypto"
Incident Details
The Confiant security research group has discovered a group that is backdooring and distributing versions of legitimate crypto wallets including Coinbase Wallet, MetaMask, TokenPocket, and imToken. The hackers have created reverse-engineered versions of the crypto wallets that operate as designed, but also steal the user’s seed phrase, which is later used to drain the user’s cryptocurrency. The attackers have distributed the tampered applications through websites that clone the legitimate applications’ websites. Through search engine poisoning, primarily via Chinese search engines like Baidu, the attackers have successfully gotten unsuspecting users to install the malicious programs.
Technical Details
- Initial Attack Vector: Seed phrase / wallet compromise
- Vendor / Product: SeaFlower
Timeline
- 2022-06-12 Breach occurred
- 2022-06-12 Publicly disclosed