Google PlayStore Host to Fake Wallets

Lukas Stefanko, a researcher on mobile security and privacy matters, unearthed multiple fake phishing apps that dealt with cryptocurrency on our favorite, Google PlayStore.

The uncovered phishing apps posed as cryptocurrency wallets for NEO, Tether and for accessing Ethereum (ETH), MetaMask. They were designed to phish users’ mobile banking credentials and credit card information.

Though now removed from PlayStore, these apps when installed and launched requested the user’s private key and wallet password.

The below given apps were fake wallets:

Fake Wallets
Source: lukasstefanko.com

While the fourth was a malicious app that after launch, requests from the user their private key and wallet password.

Source: Google Images

The wallets worked in a way that the attacker’s public address is shown to the victim without user’s access to private key. The key is with the phisher. The user deposits funds into the address of the phisher but can’t withdraw the funds because the key is not with them.

With modern-day app building softwares, no necessary coding requirements are needed. Anyone, with any intent, can make apps that could disrupt thousands of lives. Like the above shown apps that had thousands of combined downloads

‘What concerns me the most is that these fake wallets were created using Drag-n-Drop app builder service without any coding knowledge required. That means that – once Bitcoin price rises and starts to make it into front pages – than literally anyone can “develop” simple but effective malicious app either to steal credentials or impersonate cryptocurrency wallet.’ Luke Stefanko

A stark reminder that evil can’t be stopped altogether, it can only be kept at bay.

Sarim Mehmood

An electrical engineer to be. Sarim is a blockchain & crypto enthusiast and an early investor in ETH and Ethereum based projects. Contact the editor at editor.opinions@blockpublisher.com

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.