Google Boots Four Malicious Crypto Apps from Play Store

Google Boots Four Malicious Crypto Apps from Play Store

Despite attempts to weed out fake cryptocurrency apps on the Android marketplace, the war is far from being won.

Cybersecurity researcher Lukas Stefanko recently came across four fake crypto apps in the Google Play Store that impersonated Ethereum wallet MetaMask, as well as the Tether and NEO cryptocurrencies. According to Stefanko, the apps have been on the Android marketplace for weeks now and had been downloaded several hundred times. The apps were removed from the Google Play Store as soon as they were reported.

‘Phishing’ Expedition

Stefanko identified the MetaMask app as a phishing application intended to harvest the private key and the wallet password of the user. The rest were fake wallets which when launched were intended to dupe users into thinking that a public address had already been generated when it had not. This was with the intention of leading the user to send funds to the wallet, whose private keys are owned by the creator of the fake wallet. Once sent, the user cannot withdraw these funds since they don’t own the private keys.

Per Stefanko, the fake wallets were created using an app builder service that requires little or no coding skills. With such a low barrier of entry, Stefanko warned, the problem of malicious cryptocurrency apps is likely to continue to get worse.

“That means that – once Bitcoin price rises and starts to make it into front pages – than [sic] literally anyone can “develop” simple but effective malicious app either to steal credentials or impersonate cryptocurrency wallet,” wrote Stefanko in the blog post.

Chrome Web Store

Besides malicious apps on the Google Play Store that the online search giant has had to constantly take down as new ones come up, Google has also experienced similar problems on the marketplace of its Chrome browser. Early last month, Google announced a ban on browser extensions that possess crypto mining capabilities.

Prior to the move, the Chrome Web Store only required developers to explicitly inform users that it was a crypto mining script for such apps to be accepted. This was, however, largely ignored by developers as Google revealed earlier this year that around 90 percent of all the extensions that contained crypto mining scripts had failed to comply with the set policies.

As Google revealed at the time, identifying the offending apps was aided by machine learning:

Featured Image from Shutterstock

18.11.2018 / 15:00 51
Fake Mobile Cryptocurrency Wallet Apps Found on Google Play Store Fake Mobile Cryptocurrency Wallet Apps
A recent discovery shows the presence of phony cryptocurrency wallets found on the Google Play Store. The fight against malicious apps seems not to
Despite Ban, 25 Google Play Apps Found to Cryptojack Users Despite Ban, 25 Google Play Apps Found
Sophoslabs has published a report in which the company claims to have identified at least 25 Android apps published on the official Google Play store
Bitcoin Mining Apps Still Live on Google Play Despite Ban Bitcoin Mining Apps Still Live on
Google is reportedly hosting cryptocurrency mining applications in Play Store, despite a ban imposed last month. Google’s revised terms of service
Android App Scam Tricks Users into Buying Fake Ethereum Android App Scam Tricks Users into
If you are an Android user looking to download cryptocurrency applications, be careful of malicious app developers masquerading themselves as
Ethereum Scam Swindles Over $40,000 From Unsuspecting Android Users Ethereum Scam Swindles Over $40,000
$400 For A Logo… Woops  For years, the cryptocurrency industry has been rife with unbridled creativity from an amassment of individuals. While this
MyEtherWallet User Activity Compromised for Hola VPN Users MyEtherWallet User Activity Compromised
A fake version of the Hola VPN was uploaded to the Google Play Store on July 9 which compromised MyEtherWallet (MEW) for those who downloaded it. MEW
Comments (0)
Add a comment
Comment on