Google Play Store Consists of Fake Crypto Wallet Apps
November 15, 2018 12:03 pm
Lukas Stefanko, a malware researcher, has found four fake digital currency wallets on Google Play Store. According to Stefanko’s blog, these fake cryptocurrency wallets intends to steal users’ personal data.
The malware researcher tracked fake applications named as cryptocurrency wallets for NEO, Tether and also an extension for accessing Ethereum, (ETH) MetaMask. According to Stefanko, these applications aim to phish users’ mobile banking credentials and credit card information.
Stefanko divided the wallets into two groups, the fake MetaMask app as “phishing wallet” and three other apps as “fake wallets.” After installing he phishing app, users are required to use their private key and wallet password. Through this method, scammers can quickly get the user’s information.
Lukas Stefanko also uploaded a video on YouTube that explains his research into “fake wallets.” He said that the fake NEO app named “Neo Wallet” had more than 1,000 installs since its launch in October.
According to the malware researcher, these fake cryptocurrency wallets did not create a new wallet by generating a public address and a private key. These are required to send and receive digital currency securely. But the wallets had displayed the attacker’s public address with no user access to the private key. The criminals thought that users would deposit their funds to the wallet. Unfortunately, they were unable to withdraw the money as the private key belongs to the cybercriminal.
Stefanko said that these applications are developed using the Drag-n-Drop app builder service. The drag and drop feature does not require specific coding knowledge from the user. According to him, anyone can build a simple malicious app to steal sensitive personal data. He added that these actions could take place more in numbers when Bitcoin’s price start rising.
The researcher said that he reported the fake apps to the Google security team and the Google Play Store removed the wallets.