Cryptocurrency users increasingly rely on smartphones to manage their digital assets, through mobile wallets and exchange apps. Unfortunately, hackers have noticed this trend. A recent wave of mobile malware aimed at crypto enthusiasts targets Android and iOS users through malicious apps and scams.
This article breaks down, in plain terms, the most common and most recent threats: clipboard malware, "drainer-as-a-service" scam platforms, info-stealing spyware, fake wallet apps and more. For each attack we explain how it works, who is most at risk, and what you can actually do to keep your crypto safe.
Clipper Malware: Hijacking Your Crypto Transactions
One of the hardest threats to defend against is clipper malware, which hijacks your phone's clipboard to steal cryptocurrency. When you copy a wallet address (the long string of letters and digits) so you can paste it into a send form, the malware silently replaces it with the attacker's own address. If you don't notice, you unknowingly send your Bitcoin, Ether or other coins straight to the thief. The attack is called a "clipper" because it works by tampering with the contents of the device clipboard.
How it works: Clipper malware usually runs in the background on a phone or computer, constantly watching the clipboard for anything that looks like a crypto wallet address. When it sees you copy one, it swaps it for an address that looks very similar to the original but belongs to the attacker. Most users cannot tell long, complex wallet addresses apart, so the switch is hard to spot. The transaction goes through as normal, but the funds land in the hacker's wallet. By the time you realise something is wrong, the assets are usually unrecoverable (cryptocurrency transactions cannot be reversed).
How phones get infected: This malware mostly spreads through unofficial apps and downloads. In 2024 Binance (one of the world's largest crypto exchanges) warned that clipper malware was circulating through dodgy mobile apps and browser plugins, especially on Android. Some users, looking for a wallet app in their own language or blocked from the official app store by regional restrictions, install apps from third-party sites, and that is the main route of infection. (iPhones/iOS are harder for malware to reach because of Apple's stricter review, but they are not completely safe.) A recent example: some cheap Android phones made in China shipped from the factory with trojanized versions of WhatsApp and Telegram pre-installed. These apps hid clipper malware that intercepted crypto wallet addresses in chats and swapped in the thief's payment details.
Real-world impact: Clipboard hijacking has existed for years (early versions targeted bank account numbers), but it has spread widely with the rise of cryptocurrency. In one campaign, 15,000 users in more than 52 countries installed a fake Tor Browser carrying a clipper trojan, which stole more than US$400,000 in just a few months. Security researchers note that this malware is especially stealthy: there are usually no obvious signs, it does not need to talk to a server in real time or show any prompt, and it can lie dormant for a long time until you copy a wallet address.
Who is at risk: Anyone who sends crypto from an infected device is at risk, and users who install apps from unofficial sources are the most likely to be hit. In some restricted regions where users cannot install official wallets and have to use counterfeit or cracked apps, infection rates are particularly high. From late August 2024 onwards there was a steady rise in clipper infections worldwide, and many people lost large sums without knowing why.
How to protect yourself: The best defence is vigilance: before every payment, carefully check the first and last characters of the pasted address against the one you expect. Where possible, scan a QR code in the wallet app or use its share function instead of copying and pasting by hand. Install wallets and crypto plugins only from officially recognised channels (Google Play, the Apple App Store, the project's official site); never download random APKs or install "updates" suggested by strange pop-ups. A reputable mobile antivirus app can also help detect known variants of this malware.
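To make the clipper behaviour and the address check concrete, here is an added Python example (not code from the original article or from any of the products it mentions). It runs a simple detection heuristic over a sequence of clipboard observations, flagging an address that is replaced by a different address of the same family within a couple of seconds, and it also shows why checking only the first and last few characters of a pasted address is not enough when the substitute address shares those characters. The address patterns are format checks only, and the clipboard events are constructed.

```python
import re
from dataclasses import dataclass

# Rough shape of common wallet addresses. These patterns check format only,
# not checksums; they are constructed for this example.
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_type(text: str):
    """Return the address family a clipboard string looks like, or None."""
    text = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return name
    return None


@dataclass
class ClipboardEvent:
    t: float       # seconds since monitoring started
    content: str   # clipboard text observed at that moment


def detect_clipper_swaps(events, window=2.0):
    """Flag an address replaced by a different address of the same family
    within `window` seconds. A person rarely copies two different addresses
    that quickly; a clipper rewriting the clipboard right after a copy
    produces exactly this pattern."""
    alerts = []
    prev = None  # (family, time, text) of the last address-looking value
    for ev in events:
        text = ev.content.strip()
        kind = address_type(text)
        if prev is not None and kind is not None:
            pkind, ptime, ptext = prev
            if pkind == kind and ptext != text and ev.t - ptime <= window:
                alerts.append({"family": kind, "original": ptext,
                               "replacement": text,
                               "delay": round(ev.t - ptime, 3)})
        prev = (kind, ev.t, text) if kind is not None else None
    return alerts


def verify_pasted_address(expected: str, pasted: str, edge=4):
    """Compare the pasted address with the one you intended to send to.
    Returns (ok, reason) and calls out the case where a swapped address
    would still pass a check of only the first/last `edge` characters."""
    expected, pasted = expected.strip(), pasted.strip()
    if expected == pasted:
        return True, "exact match"
    ends_match = (expected[:edge] == pasted[:edge]
                  and expected[-edge:] == pasted[-edge:])
    if ends_match:
        return False, "mismatch in the middle: the ends alone look identical"
    return False, "address differs"


# Constructed sample: the user copies an address and 0.3 s later the
# clipboard holds a different address with the same first/last characters.
SAMPLE_EVENTS = [
    ClipboardEvent(0.0, "meeting at 3pm"),
    ClipboardEvent(5.0, "0x1234000000000000000000000000000000005678"),
    ClipboardEvent(5.3, "0x1234ffffffffffffffffffffffffffffffff5678"),
    ClipboardEvent(40.0, "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),
]

if __name__ == "__main__":
    for alert in detect_clipper_swaps(SAMPLE_EVENTS):
        print("clipper-like swap:", alert)
    print(verify_pasted_address(SAMPLE_EVENTS[1].content,
                                SAMPLE_EVENTS[2].content))
```

A real monitor would feed `detect_clipper_swaps` from a clipboard listener; the heuristic generalises the single-swap case in the text to any same-family replacement inside the window.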
Drainer-as-a-Service: Phishing Sites That Drain Your Wallet in One Hit
Not every crypto attack needs malware on your phone; sometimes a fake website or app is enough to trick you into handing over your wallet. A "drainer" is essentially a wallet-targeting phishing scam. A typical drainer attack lures you to a website or app that impersonates a legitimate exchange, wallet or NFT platform and then asks you to connect your wallet or enter your seed phrase/private key. If you fall for it, the attacker immediately drains every coin in the wallet, hence the name.
These operations are so automated and commercialised that some criminals offer "Drainer-as-a-Service" (DaaS), renting out ready-made malicious toolkits. One large 2023 campaign, Inferno Drainer, impersonated more than 100 major crypto services (such as Coinbase and WalletConnect) across over 16,000 fake websites, stole more than US$80 million in a short period and affected around 137,000 people worldwide. The gang even rented out its tooling and took a cut of the proceeds. Reports say an aspiring attacker could rent such a service for as little as 100-300 USDT (a few hundred dollars), a small outlay against the potential returns.
How it works: Drainer scams usually start with social engineering. Attackers post bait links on social media (Twitter/X, Telegram, Discord and so on) from hijacked or fake accounts: free token giveaways, NFT mints, "compensation" events. The link leads to a highly convincing fake site, such as a copy of the MetaMask wallet interface or a DeFi app login page. When you are prompted to connect your wallet (MetaMask, WalletConnect or another), you may be quietly asked to grant permissions or sign a suspicious transaction. Once you approve, a smart contract or script can move your assets out immediately. The most dangerous case is entering your seed phrase or private key: the attacker can import your wallet right away and empty it.
Who is at risk: These scams cast a very wide net; users active in online crypto communities are especially likely to be caught, such as those hunting airdrops or free tokens and chasing high returns. In 2023 victims came from many regions (North America, Europe, Asia), and even experienced users, in a careless moment, were fooled by realistic clones of genuine sites. Sometimes attackers hijack official social media accounts (even company or government accounts) to post malicious links, which look official and are easier to fall for. Be doubly wary of any "offer" that appears out of nowhere.
**Phishing "drainer"** scams often impersonate well-known services to get users to connect their wallets. In 2023 the Inferno Drainer campaign spoofed Coinbase, WalletConnect and others across more than 16,000 domains, spread them via social media, and stole over US$80 million in cryptocurrency.
How to protect yourself: Never enter your seed phrase or private key anywhere other than your official wallet app; no legitimate promotion or support agent will ever ask you to. Be especially careful when connecting your wallet to a new site or app, and think twice if it asks you to sign a suspicious transaction or grant broad permissions (a request for unlimited access to all your assets, for example, is highly suspicious). Type official URLs by hand or use bookmarks rather than clicking links of unknown origin on social media. Keep the phishing warnings in your browser and security software switched on. Review and revoke stale wallet approvals regularly (via Etherscan or your wallet's settings) so old connections do not become a weak point. Treat any unexpected "get rich with crypto" opportunity with suspicion: if an offer looks too good to be true, it almost always is.
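The approval step described above is where a drainer gets its access. As an added example (not part of the original article, and not the code of any wallet it mentions), this Python helper decodes the calldata of an ERC-20 `approve(address,uint256)` or an NFT `setApprovalForAll(address,bool)` request and rates it, the kind of check a wallet can run before showing the signing prompt; the function selectors are the standard ones, while the spender addresses, the trusted list and the sample calldata are constructed.

```python
# Function selectors: first 4 bytes of keccak256(signature).
APPROVE = "095ea7b3"               # approve(address,uint256), ERC-20
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool), ERC-721/1155
UNLIMITED = 2**256 - 1             # "infinite" allowance commonly requested


def _word(data: str, i: int) -> str:
    """Return the i-th 32-byte ABI word (hex) following the 4-byte selector."""
    start = 8 + 64 * i
    word = data[start:start + 64]
    if len(word) != 64:
        raise ValueError("calldata too short for argument %d" % i)
    return word


def _address(word: str) -> str:
    """ABI pads a 20-byte address to 32 bytes on the left."""
    return "0x" + word[24:]


def analyze_calldata(calldata: str, trusted_spenders=()):
    """Classify an approval request and rate its risk.

    high   : unlimited allowance or blanket NFT approval to an untrusted spender
    medium : limited allowance to an untrusted spender
    low    : spender is on the caller's trusted list
    """
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    trusted = {s.lower() for s in trusted_spenders}
    selector = data[:8]

    if selector == APPROVE:
        spender = _address(_word(data, 0))
        amount = int(_word(data, 1), 16)
        unlimited = amount == UNLIMITED
        if spender in trusted:
            risk = "low"
        else:
            risk = "high" if unlimited else "medium"
        return {"function": "approve", "spender": spender, "amount": amount,
                "unlimited": unlimited, "risk": risk}

    if selector == SET_APPROVAL_FOR_ALL:
        operator = _address(_word(data, 0))
        approved = int(_word(data, 1), 16) != 0
        if operator in trusted or not approved:
            risk = "low"   # revoking (approved=False) is never risky
        else:
            risk = "high"  # operator may move every token in the collection
        return {"function": "setApprovalForAll", "operator": operator,
                "approved": approved, "risk": risk}

    return {"function": "unknown", "selector": selector, "risk": "unrated"}


# Constructed samples: a made-up spender address and three requests.
SPENDER = "0x" + "ab" * 20
_SPENDER_WORD = "0" * 24 + "ab" * 20
SAMPLE_UNLIMITED_APPROVE = "0x" + APPROVE + _SPENDER_WORD + "f" * 64
SAMPLE_LIMITED_APPROVE = ("0x" + APPROVE + _SPENDER_WORD
                          + format(10**18, "064x"))
SAMPLE_SET_APPROVAL_FOR_ALL = ("0x" + SET_APPROVAL_FOR_ALL + _SPENDER_WORD
                               + "0" * 63 + "1")

if __name__ == "__main__":
    for sample in (SAMPLE_UNLIMITED_APPROVE, SAMPLE_LIMITED_APPROVE,
                   SAMPLE_SET_APPROVAL_FOR_ALL):
        print(analyze_calldata(sample))
```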
Infostealer Malware: Spying on Your Wallet Keys
Another class of threat focuses on grabbing sensitive information from your device: passwords, wallet private keys, seed phrases, anything that gives access to your assets. These programs are known as information stealers (infostealers) or spyware. They used to target mainly computers (RedLine and Raccoon, for example, steal browser passwords and wallet files), but the same techniques have now spread to smartphones.
Modern mobile infostealers are sophisticated. A campaign uncovered in late 2024, nicknamed SparkCat, managed to sneak malicious code into apps on both Google Play and Apple’s App Store. This was a game-changer because it was the first time Apple’s iOS App Store was found hosting crypto-stealing malware. The attackers achieved this by inserting a malicious software development kit (SDK) into seemingly normal apps (including a food delivery app with over 10,000 downloads on Google Play). Once on a device, the hidden code would quietly search the user’s files for any clues to crypto wallets. In fact, it used OCR (optical character recognition) technology, essentially reading text from images, to scan through screenshots and photos in the phone’s gallery, looking for images of recovery seed phrases or private keys. Many people, unfortunately, take screenshots of their wallet’s 12- or 24-word recovery phrase or save them as photos; SparkCat was designed to find those and send them to the attackers’ server. With a stolen recovery phrase, criminals can instantly recreate your wallet and drain it.
And SparkCat is not an isolated case. Earlier, in 2023, another malware was found in modified messaging apps that similarly scanned chat images for wallet backup phrases. Meanwhile, the trojanized WhatsApp/Telegram apps we mentioned in the clipper section not only altered addresses but also harvested all images and messages from the device (again to sniff out private keys or seed phrases). Clearly, hackers are deploying multiple methods to spy on anything that could unlock your crypto.
How They Infect Devices: Infostealers often hide inside apps that appear benign. They can be fake utility apps, wallet management tools, or completely unrelated apps (like the food delivery app example) that manage to pass official app store reviews. Sometimes, they spread via third-party app stores or pirated apps. In the case of SparkCat, the malicious SDK was in some apps on official stores – those were quickly removed once discovered in early 2025. But the mere fact they got through shows that even iOS users must remain cautious about what they install. On Android, the openness of the platform means if you sideload an app (installing from APK), you bypass even Google’s protections – many Android infostealers circulate on forums and dodgy download sites.
Symptoms and Consequences: One tricky aspect is that pure infostealer malware might not show obvious symptoms to the user. It may run quietly when you launch the host app or in the background, then relay data out over the internet. However, there are a few indirect signs: your phone might experience unusual battery drain or data usage, or you might notice the device heating up or slowing down for no clear reason – these can hint that some app is doing more than it should. (Keep in mind, these symptoms could be caused by any number of things, so they’re just hints to investigate further.) If an infostealer succeeds, the first “symptom” could be something external – for example, you discover unauthorized transactions from your exchange account, or your wallet is mysteriously emptied. By then, the damage is done.
Who’s at Risk: Anyone who stores sensitive crypto info on their phone (or in cloud apps accessible via phone) can be a target. This includes having screenshots of seed phrases, private keys in a notes app, or even authentication credentials cached in apps. Crypto enthusiasts who try out lots of new apps or use Android devices with fewer restrictions have a higher exposure. Also, people who use jailbroken iPhones or rooted Androids (which disable some security sandboxing) are at greater risk, as malware can more easily access other app data in those environments. Geographically, we see infostealers being a global threat: for instance, the SparkCat-infected apps were downloaded hundreds of thousands of times across regions like the Middle East and Southeast Asia, and the preloaded Chinese phones with malware likely affected users in Africa and Asia who bought those devices. In short, the threat is not limited by borders: wherever there are crypto users, info-stealing malware can follow.
How to Stay Safe from Infostealers: First, never store your wallet’s recovery phrase or private keys in plain text on your phone. Avoid taking screenshots of them; if you absolutely must have a digital copy, consider using a secure, encrypted password manager – and even then, storing a seed phrase digitally is generally discouraged. It’s far safer to write it down on paper and keep it offline. Be very selective about the apps you install. Stick to official app stores when possible, but also realize that not every app in the Play Store or App Store is trustworthy – check the developer’s reputation and reviews. Be cautious if an app asks for excessive permissions (e.g. a wallpaper app asking to read your storage or messages). Keep your phone’s OS and apps updated, as updates often patch security holes that malware can exploit. Using mobile antivirus/security apps can help flag known malicious apps or suspicious behavior. Finally, monitor your accounts and wallets – set up alerts for transactions if possible, so you get early warning of any unauthorized activity.
Fake Crypto Apps and Trojan Wallets: Scams Disguised as Legitimate Platforms
Not all threats rely on hidden malware; some are outright scam apps that openly trick victims into handing over money. We’re talking about fake crypto wallet apps, bogus investment platforms, and trojanized versions of legitimate apps. These often play a key role in “pig butchering” scams – where someone you meet online persuades you to install a special crypto trading app and invest money, only for it all to vanish. While these apps might not hack your phone in the technical sense, they facilitate theft by deceit, and thus are important to understand in the context of mobile threats.
Fake Investment and Wallet Apps (The “Pig Butchering” Tactic)
Imagine an app that looks like a glossy crypto exchange or wallet, complete with charts and a customer support chat. You deposit your Bitcoin into it, maybe even see your balance and some “profits” on screen. But when you try to withdraw, errors pop up – support goes silent – and you realize the app isn’t real. Unfortunately, this is a common scenario in pig butchering schemes. Scammers build fraudulent crypto apps that are not linked to any legitimate company. Often, they are distributed outside official app stores (for example, via TestFlight links on iOS or direct APK downloads on Android) to bypass rigorous reviews. The setup usually involves a long con: the scammer befriends the victim (through dating sites or social media), gains trust, then suggests they “invest” in this great new crypto platform – pointing them to download the fake app. The app might even show fake live market data and let the user withdraw small amounts at first to build trust. But soon, the victim is encouraged to invest more, sometimes borrowing money, only to have the app operators disappear with all the funds.
Real Examples: The FBI warned in 2023 about scammers abusing Apple’s TestFlight (a platform for beta-testing apps) to distribute malicious crypto apps that weren’t vetted by the App Store. Sophos researchers uncovered a campaign called “CryptoRom” targeting iPhone users worldwide: the attackers would get a real app approved on the App Store for TestFlight, then after approval, they’d update it to a malicious version or redirect it to a fake server – effectively sneaking a trojan app onto iPhones under the guise of a beta test. On Android, scammers don’t even need to be that fancy – they can directly send an APK link. In some cases, fake crypto trading apps have even made it onto Google Play by masquerading as legitimate (using icons/names similar to real exchanges) until they were reported and removed.
Who’s at Risk: These scams tend to target individuals through romance scams or networking on apps like WhatsApp and WeChat. Often, they single out people who may be new to crypto or not extremely tech-savvy – though plenty of tech-aware folks have been fooled too, due to the psychological manipulation involved. Victims around the world have fallen prey, from the U.S. to Europe to Asia. There have been numerous arrests of “pig butchering” rings in Southeast Asia, but the operation is global. If a very friendly stranger online is eager to help you get into crypto investing and pushes a specific app, alarms should go off.
Protection Tips: Be extremely wary of unsolicited investment advice or app suggestions, especially from new online acquaintances. If someone claims huge returns on a special app not available on official stores, it’s almost certainly a scam. Only use well-known, official crypto exchange apps or mobile wallets – and check that the developer name and company details match the official source. If you’re on iOS and you’re asked to install an app via TestFlight or an enterprise profile, pause and question why it’s not in the App Store proper. (Advanced tip: In iOS Settings > General > VPN & Device Management, you can see if an unknown profile is installed – if so, that’s a potential red flag.) For Android, avoid installing APKs sent via chat or email. And remember, if an app looks real but is asking you to deposit crypto before you can do anything, or if it promises unrealistically high returns, it’s likely a scam. Always do a web search on the app name plus the word “scam” to see if others have reported it.
Trojanized Legit Apps (Banking Trojans Evolving for Crypto)
Finally, there’s a crossover category: traditional banking trojans that have evolved to target crypto applications. These are malware apps that might pose as something useful (say, a PDF scanner or a game) but once installed, they use intrusive permissions to monitor your device. When they detect you opening a real banking app or crypto wallet app, they can immediately display a fake login screen (an overlay) to steal your account credentials, and even intercept SMS two-factor codes. In the past, Android banking trojans such as Anubis and Cerberus emptied many bank accounts. Now they have added cryptocurrency wallets to their target list.
A recent example is Crocodilus, an Android banking trojan first spotted in early 2025. It initially targeted Turkish banking apps, but newer versions have expanded worldwide and specifically added features to steal crypto wallet data. Crocodilus can lay a fake login screen over a genuine crypto app (for instance, when you open your mobile wallet, a prompt appears that looks exactly like the wallet’s login but is actually the trojan fishing for your PIN or password). One of its nastier tricks: Crocodilus edits your phone’s contact list to add a fake "bank customer service" number, so the victim is likely to believe a later call or text really comes from the bank. The most powerful (and most dangerous) feature is that the latest Crocodilus variants automatically steal seed phrases: they can detect when a wallet app displays the recovery phrase (during setup, for example) or when you type one in, and send it to the attacker. In short, it is an all-round thief of banking and crypto wallet credentials.
Crocodilus spreads through deception, for example Facebook ads promoting fake apps (a "loyalty rewards programme" and the like) to users in different countries. Once someone clicks to download, the trojan quietly bypasses some of Android’s security protections and installs itself on the phone. It is a reminder that even tech-savvy people can be caught: malware can turn up in ads on mainstream platforms too.
Who is at risk? Because these trojans usually need the user to install an unofficial app, the most exposed are Android users who sideload apps or ignore security warnings. That said, trojan apps do occasionally slip into Google Play (though they are usually removed quickly). Regions with large Android user bases and active crypto communities see more cases; the Crocodilus campaign has been seen in parts of Europe (Poland, Spain), South America (Brazil, Argentina), Turkey, Indonesia, India and the United States, so it is truly global. Basically, if you bank or use crypto on Android, watch out for overlay trojans. iPhone users are somewhat safer because iOS sandboxing normally stops one app from drawing over another app’s screen and makes screen content hard to capture (unless the device is jailbroken), and App Store review weeds out suspicious behaviour. iOS users still should not relax, though: as noted above, other kinds of crypto malware have found ways in.
Protection tips: The advice is the same as for other malware: use official app stores wherever possible, and even then know exactly which apps you have installed. Be extra careful if an app asks for Android’s Accessibility Service (a common way to gain enough control to draw over the screen and tap buttons for you) or other powerful permissions that do not match its purpose. If a banking or wallet app suddenly shows an odd login step or asks for information it never asked for before, stop: it may be a malware overlay. Tighten your Android security settings (do not allow installation from unknown sources unless you really need it). Reputable security software can also help catch known banking trojans early.
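To make the permission audit above concrete, here is an added Python example (not from the original article) that parses two `adb shell` outputs, `settings get secure enabled_accessibility_services` and `pm list packages -3 -i`, and flags accessibility services belonging to unknown packages as well as third-party apps that were not installed by the Play Store (the sideloading path the text warns about). The sample outputs, the `com.example.*` package names and the allowlist are constructed; `adb` is assumed to be on the PATH only if you call `collect_from_device`.

```python
import subprocess

# Packages whose accessibility service is expected on a typical phone
# (constructed allowlist for this example; extend it for your own fleet).
KNOWN_ACCESSIBILITY_PACKAGES = {
    "com.google.android.marvin.talkback",  # Android's TalkBack screen reader
}
PLAY_STORE_INSTALLER = "com.android.vending"


def parse_accessibility_services(setting_value: str):
    """Parse `settings get secure enabled_accessibility_services`.
    The value is 'null' when nothing is enabled, otherwise a colon-separated
    list of package/ServiceClass component names. Returns the package names."""
    value = setting_value.strip()
    if value in ("", "null"):
        return []
    return [entry.split("/")[0] for entry in value.split(":") if entry]


def parse_installers(pm_output: str):
    """Parse `pm list packages -3 -i`, whose lines look like
    'package:com.example.app  installer=com.android.vending'.
    Returns {package: installer} with 'null' for sideloaded apps."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        pkg, _, rest = line[len("package:"):].partition("installer=")
        installers[pkg.strip()] = rest.strip() or "null"
    return installers


def audit(accessibility_setting: str, pm_output: str,
          known=KNOWN_ACCESSIBILITY_PACKAGES):
    """Return a list of findings worth a closer look."""
    findings = []
    installers = parse_installers(pm_output)
    for pkg in parse_accessibility_services(accessibility_setting):
        if pkg not in known:
            findings.append({"package": pkg,
                             "issue": "accessibility service enabled",
                             "installer": installers.get(pkg, "system/unknown")})
    for pkg, installer in installers.items():
        if installer != PLAY_STORE_INSTALLER:
            findings.append({"package": pkg, "issue": "sideloaded",
                             "installer": installer})
    return findings


def collect_from_device():
    """Run the two commands over adb on a connected, USB-debugging phone."""
    def sh(*args):
        return subprocess.run(["adb", "shell", *args], check=True,
                              capture_output=True, text=True).stdout
    return sh("settings", "get", "secure", "enabled_accessibility_services"), \
        sh("pm", "list", "packages", "-3", "-i")


# Constructed sample output: TalkBack plus a "rewards" app that was not
# installed from the Play Store and has an accessibility service enabled.
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.rewards/.OverlayService"
)
SAMPLE_PM_OUTPUT = """package:com.example.rewards  installer=null
package:com.example.wallet  installer=com.android.vending
package:com.example.chat  installer=com.android.vending
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACCESSIBILITY, SAMPLE_PM_OUTPUT):
        print(finding)
```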
Which Users Are Most Likely to Be Hit?
Crypto malware delivered through mobile apps is a global problem, and its severity varies by platform and region:
- Android users: Because of Android's open ecosystem, Android users face most mobile crypto malware. Clippers, infostealers and banking trojans mainly target Android, where attackers can easily trick people into installing fake apps or even preload malware on counterfeit phones at the factory. Many campaigns focus on users in Russia and Eastern Europe (the fake Tor Browser clipper, for example, or cheap grey-market Android phones). Crocodilus has hit Turkey, Europe and parts of South America. Asia and Africa have seen supply-chain attacks on cheap handsets and a flood of scam apps. Nor are the US and Western Europe safe zones: well-known schemes such as Inferno Drainer and the "pig butchering" gangs have used social engineering on plenty of US and UK users. If you use crypto on Android, assume you are a target wherever you are.
- iOS users: iPhones have strong protections and App Store review, so malware is far rarer. But "rare" is not "none". iOS users can still fall for social engineering and scams (being led to install a fake investment app via TestFlight, for example). The SparkCat malware discovered in the App Store in 2024 proves a determined attacker can get in, although Apple removed the infected apps quickly. For an ordinary iPhone user, sticking to the App Store and basic security hygiene goes a long way, but high-value targets and active traders should not let their guard down (be especially wary of phishing links and anything that asks you to install a configuration profile or beta app).
- New or inexperienced crypto users: Many scams (fake apps, drainer phishing, pig butchering) target people who have just entered the crypto world and are not technical. If you are new to crypto, you may not know that a genuine app will never ask for your seed phrase, or that a blockchain transaction cannot be undone once sent. Scammers pose as "helpful" friends or support staff to lead newcomers into traps. Remember: legitimate wallets and exchanges have official support channels and will never ask you to install an unusual app to fix a problem or join a promotion.
- High-value targets: Conversely, if you are known as a big holder (because you boast about it online, say, or can be tracked as a whale on-chain), attackers will craft attacks just for you, such as bespoke phishing links or a gift device that is already compromised. Such cases are rarer, but if you hold a lot of crypto, consider a dedicated, locked-down phone for it.
In short, victims span every age and background: from retirees caught by fake pig-butchering apps, to DeFi users phished by a fake MetaMask site, to ordinary Android users who thought they were installing Telegram. Everyone needs to stay alert.
Comparing the Common Malware Types: Symptoms, Spread and Defences
To protect your crypto assets effectively, you need to tell apart several kinds of mobile malware: clipper malware, crypto drainers, infostealer trojans, fake crypto apps and overlay trojans. Each has different characteristics and delivery methods and calls for its own precautions.
Clipper malware silently replaces the crypto receiving address you copy with the attacker's address. It usually spreads through unofficial apps, APK files, or malware preloaded on counterfeit or compromised phones. It stays hidden, and you typically only notice after coins have gone to the thief's address. Protect yourself by re-checking the address on every transfer, installing apps only from official sources, and using mobile security software to check for known threats.
Crypto drainers cover phishing sites and "Drainer-as-a-Service" platforms that trick users into handing over private keys or approving fraudulent transactions. They are distributed via social media, email and SMS links and often impersonate genuine crypto brands such as Coinbase and MetaMask. The phone shows nothing unusual; you only learn you were hit when assets disappear. Safety tips: never enter a seed phrase outside your official wallet app, check every URL, stay away from unexpected crypto giveaways, and revoke unused DApp approvals regularly.
Infostealer trojans quietly steal sensitive data from your phone, such as passwords, seed phrases and screenshots of recovery information. They often look like genuine apps, and some have slipped into official app stores. They are hard to catch; sometimes the only signs are subtle ones like faster battery drain or a slower device. Prevention is proactive: never store seeds or private keys digitally on the phone, avoid screenshots of secrets, vet an app's background before installing, and watch for odd permission requests.
Fake crypto wallet and investment apps simply trick people into depositing crypto into a bogus platform, usually as part of a "pig butchering" social scam. These apps show fake balances and profits, but withdrawals never work. They are pushed through download links, messaging apps and even Apple TestFlight, relying on the trust of a "friend" to reel you in. Protect yourself by using only established, official wallet apps, distrusting promises of high returns, and never installing an app a stranger is pushing hard.
Finally, banking and wallet trojans use overlays: fake login screens that capture your credentials for genuine banking or crypto apps. They spread through deceptive links, SMS phishing, rogue social media ads or sideloaded APK files, and typically prompt unexpected or unfamiliar login requests. Vigilance here includes refusing apps unnecessary permissions like Accessibility or Device Admin, questioning any unusual app behaviour, and ensuring your phone’s software remains consistently updated.
How to Protect Yourself and Your Crypto Assets
We’ve highlighted a lot of scary scenarios, but the good news is you can significantly reduce your risk with some straightforward practices. Here is a concise checklist of actionable steps to stay safe from cryptocurrency malware on mobile:
- Use Official Apps and Keep Them Updated: Only download wallet apps, exchanges, or trading apps from the Google Play Store or Apple App Store. Even then, double-check that the app is the real deal (check the developer name, read reviews). Keep these apps – and your phone’s operating system – updated to get the latest security patches.
- Avoid Sideloading and Unknown Links: Sideloading (installing apps from outside official stores) is a major risk on Android. Unless absolutely necessary, avoid it. Be extremely cautious with links sent via email, social media, or messaging apps, especially those offering quick profits or urgent requests. When in doubt, don’t click. If you need to access a crypto service, navigate there manually or via a trusted bookmark.
- Never Share Your Seed Phrase: Your recovery seed phrase (the 12 or 24 words for your wallet) is the keys to the kingdom. No legitimate support person or app will ever ask for it, except when you yourself are intentionally restoring a wallet. Treat it like the most sensitive password imaginable. If any app or website – or person – asks you for it, assume it’s a scam and refuse.
- Double-Check Everything: When making crypto transactions, develop a habit of double- or triple-checking details. For addresses, look at the first 4–6 characters and last 4–6 characters and confirm they match the intended recipient. Confirm transaction details (amounts, asset type) before approving. This helps thwart clipper malware and also human mistakes. In fact, Binance’s security team even suggests taking a screenshot of the address you intend to send to and verifying it with the recipient via another channel – while that may be overkill for everyday use, it underscores the importance of being 100% sure before you hit “Send”.
- Be Alert to Device Behavior: Pay attention to your phone. If you suddenly see new apps you didn’t install, or your device is persistently hot and slow, investigate. These can be signs of hidden malware. Similarly, if your mobile browser starts redirecting oddly or you see pop-ups, don’t ignore it. Uninstall any suspicious apps and consider running a mobile security scan. On Android, you can also go to Settings > Apps and review installed apps – if something unfamiliar with broad permissions is there, that’s a red flag.
- Secure Your Communications: Some malware intercepts SMS messages (for 2FA codes) or messages in apps like WhatsApp/Telegram (as we saw with the pre-loaded trojan). Where possible, use app-based authenticators (Google Authenticator, Authy, etc.) or hardware 2FA tokens instead of SMS for two-factor authentication on exchanges. This reduces the value of SIM-swap attacks and SMS-stealing malware. Also, be cautious about what you discuss or share in messaging apps – e.g., never send someone your private keys or login passwords via chat.
- Use Hardware Wallets for Large Funds: If you hold a significant amount of crypto for the long term, consider using a hardware wallet (like a Ledger or Trezor device) for storage. These devices keep your keys off your phone/computer, and transactions must be approved on the device itself. Even if your smartphone is malware-infected, the hacker can’t directly get your hardware wallet’s keys. (Just be sure to buy hardware wallets directly from the manufacturer to avoid tampering.)
- Back Up Your Wallet Securely: This might sound counterintuitive in a security article, but make sure you do have a backup of your seed phrase stored safely (offline, on paper or engraved metal, in a secure location). Why is this a security tip? Because if malware wipes out your phone or you get locked out due to a ransomware attack, you want to be able to recover your funds. The key is to store that backup securely – not digitally on the phone. Think fireproof safe or safety deposit box, not your camera roll or a plaintext note.
- Stay Informed and Educated: The crypto landscape evolves quickly, as do the threats. Make it a habit to follow reliable crypto security news (for instance, exchanges like Binance often post security alerts, and cybersecurity firms publish reports). Being aware of the latest scams – whether it’s a new type of malware or a prevalent phishing trick – will help you recognize something’s wrong if you encounter it. Share this knowledge with friends or family who are getting into crypto too; a lot of victims fall simply because they didn’t know what to watch out for.
10 Crypto Malware Threats of 2025
1. SparkCat Infostealer
- Threat: Malicious SDK found in official App Store and Google Play apps, scanning images for crypto seed phrases using optical character recognition (OCR).
- Protection: Never store seed phrases digitally or take screenshots of them. Use encrypted password managers or offline storage (paper backups).
2. Clipper Malware (Clipboard Hijackers)
- Threat: Silently swaps crypto addresses copied to clipboard with attackers' addresses, causing users to send crypto to thieves unknowingly.
- Protection: Always double-check pasted crypto addresses (first and last characters). Avoid apps from unofficial sources and keep security software updated.
3. Inferno Drainer (Drainer-as-a-Service)
- Threat: Phishing campaign spoofing trusted crypto platforms via thousands of fake domains, quickly draining wallets once connected.
- Protection: Never enter private keys or seed phrases online; verify URLs carefully; regularly revoke unused wallet permissions.
4. Crocodilus Banking Trojan
- Threat: Android malware overlaying fake login screens on crypto wallets and banking apps, stealing passwords, keys, and even 2FA codes.
- Protection: Refuse suspicious app permissions (especially Accessibility Services); verify unusual login prompts; keep devices fully updated.
5. CryptoRom (Fake Investment Apps)
- Threat: Fake crypto investment apps distributed through Apple TestFlight and APK downloads, typically part of "pig butchering" romance scams.
- Protection: Stick strictly to official app store downloads; avoid investment offers from strangers online; always question unusually high returns.
6. Trojanized WhatsApp and Telegram Apps
- Threat: Pre-installed malware found in modified messaging apps, stealing wallet addresses, messages, and seed phrases from unsuspecting users.
- Protection: Use only officially verified messaging apps from trusted sources; avoid sideloading popular apps.
7. Malicious QR Code Apps
- Threat: Fake QR scanning apps quietly redirecting crypto transactions to attacker wallets, especially affecting Android devices.
- Protection: Use built-in phone QR scanners; verify addresses after scanning; uninstall any suspicious apps immediately.
8. SIM Swap-Enabled Malware
- Threat: Malware capturing SMS-based two-factor authentication (2FA) codes from infected devices, facilitating SIM swap attacks on crypto wallets.
- Protection: Use app-based or hardware authentication methods rather than SMS; regularly check mobile security settings and unusual SIM activity.
9. NFT Minting and Airdrop Scams
- Threat: Malware and phishing links spread via social media, promising exclusive NFT mints or token airdrops, designed to drain connected wallets.
- Protection: Be cautious about unexpected NFT or crypto offers; avoid linking your wallet to unknown or new websites without proper verification.
10. Rogue Crypto Wallet Browser Extensions
- Threat: Fake browser extensions masquerading as popular crypto wallets, siphoning wallet keys and seed phrases from web interactions.
- Protection: Install wallet extensions strictly from official websites; regularly audit installed browser extensions; enable security monitoring tools.

