A new cyber threat has emerged, targeting cryptocurrency users through counterfeit Android smartphones sold online. Kaspersky researchers have uncovered a large-scale cyber attack involving preinstalled malware that steals cryptocurrencies and sensitive user data. These devices are being offered at significantly reduced prices, with the malicious software capable of replacing wallet addresses during transactions, diverting funds to hackers’ wallets. 270,000 dollars worth of cryptocurrency has already been stolen, with the real figure potentially much higher due to the malware’s ability to target Monero (XMR), a privacy-focused crypto known for its untraceability. The malware also intercepts text messages, steals account credentials and bypasses two-factor authentication (2FA), posing a significant threat to crypto users. Kaspersky research reveals 2,600 infections across various countries, with the majority originating from Russia in the first quarter of 2025. This attack may be linked to a supply chain compromise, where the malware was already integrated into the devices before reaching consumers, highlighting the potential for legitimate retailers unknowingly selling infected phones.