Fake cryptocurrency apps on Google Play try to profit on bitcoin price surge

CAVEAT EMPTOR —

Researchers uncover two purported wallets uploaded after bitcoin prices rise.

Dan Goodin

Fake cryptocurrency apps on Google Play try to profit on bitcoin price surge

Google’s official Play Store has been caught hosting malicious apps that targeted Android users with an interest in cryptocurrencies, researchers reported on Thursday.

In all, researchers with security provider ESET recently discovered two fraudulent digital wallets. The first, called Coin Wallet, let users create wallets for a host of different cryptocurrencies. While Coin Wallet purported to generate a unique wallet address for users to deposit coins, the app in fact used a developer-owned wallet for each supported currency, with a total of 13 wallets. Each Coin Wallet user was assigned the same wallet address for a specific currency.

“The app claims it lets users create wallets for various cryptocurrencies,” ESET Malware Researcher Lukas Stefanko wrote in a blog post. “However, its actual purpose is to trick users into transferring cryptocurrency into the attackers’ wallets—a classic case of what we named wallet address scams in our previous research of cryptocurrency-targeting malware.”

The app was available from February 7 to May 5. The full name was Coin Wallet—bitcoin, Ripple, Ethereum, Tether. During its tenure, it was installed more than 1,000 times.

A second fraudulent Android wallet used the name “Trezor Mobile Wallet,” in an attempt to impersonate the widely used hardware cryptocurrency wallet Trezor. The app then instructed users to enter log-in data and sent it to a server controlled by the developers. Multiple security layers built into real Trezor wallets prevented any credentials entered from accessing legitimate accounts. Still, any email addresses or other personal data could potentially be used in phishing attacks.

Stefanko said the fake Trezor app listing on Play appeared to be trustworthy at first glance because the name, developer name, app category, app description, and images all seemed legitimate. It also appeared as the second result when searching Play for “Trezor.”

Once installed, however, it was easily identified as a fake. The icon shown on phone screens was distinctly different than the genuine Trezor app and even showed the words “Coin Wallet” in it. It’s not hard to see why it was spotted as a fake in this Reddit forum, dated May 12. Stefanko said the app was uploaded to Google Play on May 1. A Reddit user reported it had “50+ downloads” when it was outed as fake.

Both apps connected to the same coinwalletinc[.]com domain. Google has since removed both apps from Play.

The discovery comes aa the price of bitcoin surged earlier this month to its highest level since last July. “Not surprising,” Stefanko wrote, “cybercrooks were quick to notice this development and started upping their efforts in targeting cryptocurrency users with various scams and malicious apps.”

Read More

Did you like this?
Tip Cryptos UK with Cryptocurrency

Donate Bitcoin to Cryptos UK

Scan to Donate Bitcoin to Cryptos UK
Scan the QR code or copy the address below into your wallet to send some bitcoin:

Donate Bitcoin Cash to Cryptos UK

Scan to Donate Bitcoin Cash to Cryptos UK
Scan the QR code or copy the address below into your wallet to send bitcoin:

Donate Ethereum to Cryptos UK

Scan to Donate Ethereum to Cryptos UK
Scan the QR code or copy the address below into your wallet to send some Ether:

Donate Litecoin to Cryptos UK

Scan to Donate Litecoin to Cryptos UK
Scan the QR code or copy the address below into your wallet to send some Litecoin:

Donate Monero to Cryptos UK

Scan to Donate Monero to Cryptos UK
Scan the QR code or copy the address below into your wallet to send some Monero:

Donate ZCash to Cryptos UK

Scan to Donate ZCash to Cryptos UK
Scan the QR code or copy the address below into your wallet to send some ZCash:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.