Four Fake Cryptocurrency Wallets Found on Google Play Store

Published at: Nov. 15, 2018

Malware researcher Lukas Stefanko has found four fake cryptocurrency wallets on the Google Play Store that were trying to steal users’ personal data, according to a blog post published Nov. 13.

The apps were posing as cryptocurrency wallets for NEO, Tether and an extension for accessing Ethereum (ETH), MetaMask. They were purportedly designed to phish users’ mobile banking credentials and credit card information.

Stefanko classified the wallets into two groups, wherein the fake MetaMask app was a “phishing wallet” and the other three apps were “fake wallets.” Once the phishing app is installed and launched, it requests the user's private key and wallet password.

In a video attached to the blog post, Stefanko explained his research into the “fake wallets,” noting the example of the fake NEO app dubbed “Neo Wallet”, which had over 1,000 installs since its launch in October.

The fake crypto wallets reportedly did not create a new wallet through generating a public address and a private key — which are needed to securely send and receive digital currency — but only displayed the attacker’s public address with no user access to the private key. Thinking that the app generated their public address, users would deposit their funds to that wallet, but were unable to withdraw them as the private key belonged to a cybercriminal.

Stefanko noted that the apps were developed using the Drag-n-Drop app builder service, which does not require specific coding knowledge from the user. This means that nearly anyone is able to “develop” a simple malicious app to steal sensitive personal data, “once the Bitcoin (BTC) price rises,” according to Stefanko.

The analyst states in the post that he reported the fake apps to the Google security team, after which the wallets were subsequently removed.

Just yesterday, Cointelegraph reported that the official Twitter account of Google's G Suite was supposedly compromised to promote a Bitcoin (BTC) giveaway scam. Scammers reportedly spread a message luring users to participate in a fraudulent 10,000 BTC giveaway.

Tags
Neo
Related Posts
Most Significant Hacks of 2019 — New Record of Twelve in One Year
Twelve major cryptocurrency exchange hacks occurred in 2019. Of these, 11 hacks resulted in the theft of cryptocurrency while one only involved stolen customer data. In total, $292,665,886 worth of cryptocurrency and 510,000 user logins were stolen from crypto exchanges in 2019. Cryptocurrency exchanges experienced more hacks last year than in 2018, when only nine cryptocurrency exchanges fell victim to security breaches. As time goes on, you might think that cryptocurrency exchanges would become more secure. The reality, however, is that more hacks on cryptocurrency exchange are taking place year after year. In general, crypto exchanges remain unregulated, and it’s …
Ethereum / Jan. 5, 2020
Fake Crypto Wallet App Imitating Trezor Found on Google Play Store
Fraudsters have been adding fake cryptocurrency wallets to the Google Play store in an attempt to cash in on rising bitcoin (BTC) prices, ESET antivirus researchers claimed on May 23. One malicious app imitated the hardware wallet Trezor — and the investigation found that the software had ties to another fake app that has the potential to scam unsuspecting users out of money. While the app’s page on Google Play looked legitimate, the researchers said the software itself contains no Trezor branding at all, with a generic login screen phishing for credentials. According to ESET, more than 1,000 users had …
Ethereum / May 23, 2019
Are crypto and blockchain safe for kids, or should greater measures be put in place?
Crypto is going mainstream, and the world’s younger generation, in particular, is taking note. Cryptocurrency exchange Crypto.com recently predicted that crypto users worldwide could reach 1 billion by the end of 2022. Further findings show that Millennials — those between the ages of 26 and 41 — are turning to digital asset investment to build wealth. For example, a study conducted in 2021 by personal loan company Stilt found that, according to its user data, more than 94% of people who own crypto were between 18 and 40. Keeping children safe While the increased interest in cryptocurrency is notable, some …
Adoption / Feb. 26, 2022
Riviera Beach City Council Agrees to Pay $600,000 in BTC to Ransomware Attackers
The city council of Riviera Beach, Florida has agreed to pay nearly $600,000 worth of Bitcoin (BTC) to regain access to data encrypted in a hacker attack, the New York Times reported on June 19. On May 29, the city experienced “a data security event” when a police department employee opened an allegedly infected email attachment, which eventually resulted in the online system breakdown. The hackers allegedly encrypted government records, blocking access to critical information and leaving the city without an ability to accept utility payments other than in person or by regular mail. A city spokeswoman, Rose Anne Brown …
Bitcoin / June 20, 2019
Report: Crypto-Related Fraud and Theft Resulted in $4.4B Loss in 2019
In 2019, the total volume of cryptocurrency-related fraud and theft resulted in losses worth $4.4 billion, according to CipherTrace’s report for the third quarter of 2019. In its “Cryptocurrency Anti-Money Laundering Report, 2019 Q3,” security research firm CipherTrace delved into the 120 most popular cryptocurrency exchanges’ compliance with Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements and analyzed patterns in crypto-related crimes. Decline in crypto crime volume and weak KYC standards Per the report, Q3 2019 saw a notable reduction in total cryptocurrency crimes as compared with previous quarters, and thus the lowest quarterly thefts and scams in two …
Bitcoin / Nov. 27, 2019