Malicious Cryptocurrency App Seen In Google Play Store

By Steven Anderson, November 4, 2018

An app that was promoted as a currency converter was found to be running phishing software in the background of the device. The app was designed to steal the details of cryptocurrency owners. Ultimately, these details would have been used to steal security tokens and to steal crypto.

After the app's hidden purpose was identified, Google took it down.

Plenty of cryptocurrency apps are found in the Google Play Store. The purpose of these apps is to make trading and managing cryptocurrency easier for users. However, problems arise from malicious cryptocurrency apps that developers intentionally build with fraudulent motives. These apps are developed to serve as phishing tools.

Several platforms continue to host such problem apps until they understand the hidden malicious motives. Despite close monitoring, some malicious apps make it into the store. This is the case with “Easy Rates Converter”.

Google did not know about it until they came across a video by Lukas Stefanko, who showed how the app distributed through the Google Play Store could be used to steal user information. The app remained in the store until the story was exposed.

The app was originally advertised as a tool for converting currency rates. However, it has now been uncovered that it has a way of stealing the information of cryptocurrency wallet holders. The app particularly targeted users who had accounts with other widely used cryptocurrency wallet apps like CommBank, Google Play, and the official Binance app.

When the video was released, the app had already been downloaded more than 500 times.

The scam follows a routine strategy. When the app is downloaded, it works normally. Without the user's knowledge, the app installs a phishing application in the background, and users who are unaware of this application continue to use the app.

This application is designed to trigger a prompt that asks for an Adobe Flash update. This lure is very commonly used by most of the hackers who design such apps.

The app then displays a page that resembles the page of another legitimate cryptocurrency app that the user might have, and asks for the login details. The app collects this information and sends it to the hackers who are seeking it.

On a broader scale, this kind of hacking is likely to affect not only cryptocurrency apps but also regular banking accounts.

Google has now taken the app off its platform. However, the case draws attention to the large number of apps that are waiting to target the identities of cryptocurrency users.

Cryptocurrency wallet holders are warned to be aware of such fake and malicious apps. The case goes to establish that it is good to use only official apps from well-known platforms.