The crypto market has been grappling with a new form of scam. According to a recent Kaspersky study, fake Android phones with crypto theft malware pre-installed have been sold on the market, causing many to lose their holdings.
Customers searching for less expensive alternatives to genuine flagship smartphones are the main target of these counterfeit gadgets, which are frequently promoted as premium or high-end models.
How Is The Scam Carried Out?
During production, the fake phones are infected with malicious software that is particularly tailored to target cryptocurrency wallets and steal private keys, allowing hackers to access victims’ money.
According to Kaspersky’s research, these fake gadgets frequently imitate well-known brands but lack the security features of genuine ones.
The pre-installed software stealthily watches for cryptocurrency-related activities on the phone, such as using wallet apps or completing transactions, and transmits the stolen data to a remote server under the control of cybercriminals.
The report highlights the growing sophistication of fake goods and their ability to jeopardize user security.
Additionally, it issues a warning regarding the increasing convergence of crypto theft and cybercrime. To protect against such risks, experts urge customers to install strong security software, confirm the legitimacy of the goods, and only buy products from reliable vendors.
How Does The Malware Function?
After infecting a device, the malware replaces the wallet addresses that users plan to send money to, giving attackers complete access to steal cryptocurrencies.
This means that the attacker can secretly reroute transactions to their own wallets. In addition to cryptocurrency, the malware can steal login credentials and other private user account information.
Intercepting incoming and outgoing text messages, particularly those that contain two-factor authentication (2FA) codes, is another risky feature.
Attackers can circumvent security measures and obtain unauthorized access to accounts by intercepting these. This makes the trojan extremely effective at targeting people’s online security and financial assets.
Where Has This Scam Taken Place?
Researchers from Kaspersky have verified 2,600 infections connected to this fraud in a number of nations, with the majority of victims being in Russia.
A majority of these scams were identified in the first three months of 2025.
Users who become infected run the risk of having their account information hacked, having their crypto stolen, or even having their two-factor authentication compromised.
The quick spread of this malware emphasizes how dangerous fake devices are becoming and how crucial cybersecurity awareness is to thwarting these frauds.