How SeaFlower 藏海花 installs backdoors in iOS/Android web3 wallets to steal your seed phrase

During the course of our work at Confiant, we see malicious activity on a daily basis. What matters the most for us is the ability to:

• Protect our existing customers.
• Share unique threat intelligence.
• Keep finding unique vantage points for better detection.
• At Confiant we monitor 2.5+ billion ads per day thanks to our 110+ integrations in the advertising stack allowing us to protect 40K premium websites from bad ads.

That itself gives us great visibility on malicious activity infiltrating the ad stack and the broader Internet, powered by our proprietary uncloaking technology. And that includes all the web3 malicious activity funneling thru it.

The variety and the range of our detection enable us to detect unique malicious activity as soon as it surfaces. SeaFlower is an example of this unique cluster of malicious activities targeting web3 wallet users that we will document in this blog post.

What is SeaFlower?

SeaFlower is a cluster of activity that we identified earlier this year in March 2022. We believe SeaFlower is the most technically sophisticated threat targeting web3 users, right after the infamous Lazarus Group.

Read the full article on Medium here