A recent discovery shows the presence of phony cryptocurrency wallets found on the Google Play Store. The fight against malicious apps seems not to be ending any time soon.
Fake Wallets: The Latest Scheme by Cryptocurrency Thieves
According to The Next Web, European cybersecurity researcher, Lukas Stefanko, discovered that four fake virtual currency apps claimed to offer wallet services for NEO, MetaMask, and Tether.
Further findings by Stefanko revealed that the fake apps divided into two groups – phishing and plain counterfeit wallets. The fake MetaMask app fell into the phishing category. After the user installs the fake app, it would request for the user’s sensitive details such as private keys and wallet password. Provision of these details would cost the victim his/her virtual coins.
A screenshot by Stefanko showed that the fake MetaMask app had over 500 downloads and a 2.8-star rating by 48 reviewers. The real MetaMask app, however, does not have any app on the Google Play Store but is a web browser extension for Mozilla Firefox, Google Chrome, and Opera.
In contrast, the other group consists of fake wallets, and this is the category into which the other three fake wallets fall. Two of them masqueraded as NEO wallets, while the third pretended to be a wallet for Tether.
The fake apps display the scammer’s public address without access to the private key for the user, as the scammer owns the private key. Any cryptocurrency fund deposited into the fake wallet directly goes to the attacker’s wallet. The user cannot withdraw funds because he/she does not possess the private key.
Furthermore, research showed that the scammers used AppyBuilder, a drag and drop mobile app builder platform, to create the fake apps. Anyone can use the app builder, as coding skill is not a requirement. The number of scammed victims cannot is unclear. Google has, however, removed the fake wallets from its Play Store.
Tech Companies Going Hard on Cryptocurrency
Recently reported was the presence of a fake EOS wallet on Google Play Store. This was the latest attempt by hackers to steal funds from unsuspecting victims. A Brazilian developer company discovered and reported the malicious app to Google who promptly removed the app.
In August, there was also a report another scam app on the Android Google Play Store. Victims paid $390 to an app that called itself “Ethereum,” that claimed to sell one Ethereum for the exorbitant amount. What they got was a picture of the Ethereum logo.
In Q3 of 2018, Google announced the ban of mobile virtual currency mining from Play Store. This was in addition to its earlier mining script ban.
The American tech giant, Apple Inc., also updated its developer guidelines. Part of the new rules banned iPhone users from mining cryptocurrency.