Malicious App Phishing Crypto Login Details
November 3, 2018 2:51 pm
Even though Google has been cracking down on malicious cryptocurrency apps for years, it seems that another cryptocurrency app has been able to slip through the review process.
Lukas Stefanko, a security and malware researcher, published a video about this malicious app and explained how it was distributed through Google’s Play store and how it steals unsuspecting users’ sensitive data.
The app in question was released as a currency conversion tool named Easy Rates Converter. Its actual intent is to steal users' personal credentials for existing legitimate apps. The malicious mobile application targeted the apps of CommBank, Google Play and even Binance, the world’s largest cryptocurrency exchange. According to Stefanko, the app has been downloaded over 500 times.
Once the user downloads the app, it works as advertised. However, behind the scenes, it also downloads and installs phishing malware that looks like an Adobe Flash update. Notably, fake Adobe Flash and Java updates have been a frequently used way to scam users into installing harmful software onto their devices.
Once the malware is installed, it silently waits in the background for the opportunity to make its move. When the user opens an app like Binance, the malware creates an overlay that is placed on top of the legitimate app. As the user enters their credentials, the information is recorded and sent to the phishers.
This strategy also allows the malicious app to gain access to regular banking apps, which is alarming.
The app has been removed from the Google Play store. Malware like this is hard to spot because the app does work as advertised. Stefanko has said that users should check the rating and reliability of the app publisher and stick with apps that are verified to ensure security.