The growing prices and popularity of cryptocurrencies don’t just attract masses of potential users, but also inspire cyber-crooks to find new and creative ways to get their sticky fingers on all those virtual coins. Of course, cryptocurrency scams are not exclusive to PCs and have already emerged on the Android platform, using a wide array of disguises.
Cryptocurrency exchanges are an attractive target for crooks not only due to their popularity with cryptocurrency enthusiasts, but also because many don’t offer a mobile app. Such “unclaimed territory” acts like a magnet for scammers, who waste no time coming up with malicious fakes.
Typically, the purpose of such fake apps is to phish for login credentials to the impersonated official exchange. Attackers then use the stolen credentials to take over the compromised accounts. To lure users into giving away their passwords, crooks try to raise as little suspicion as possible – the developer name, app icon and user interface usually mimic those of the legitimate service, and the app may even appear to have a good overall rating thanks to fake reviews.
Recent examples of these scams are phishing apps impersonating the cryptocurrency exchange Poloniex, which were discovered on Google Play last year and have resurfaced frequently ever since.
Similar phishing schemes also afflict users of cryptocurrency wallets, only instead of a password, the attackers are directly after the wallets’ private keys and phrases. In practice, this means that the stakes are higher for users of cryptocurrency wallets – a stolen password to a cryptocurrency exchange may be reset with the help of the exchange holding the user’s private key, but in the case of a wallet, it’s the private key that gets compromised, with no one else to save the day.
Lately, we’ve observed this kind of malicious behavior in apps impersonating MyEtherWallet, a popular open-source Ethereum wallet. The apps, uploaded to Google Play multiple times over recent months, attempt to steal users’ private keys and/or mnemonic phrases using various bogus login forms. Like the Poloniex exchange, MyEtherWallet doesn’t have an official mobile app, which makes it attractive for imposters.
Besides phishing apps, we’ve also analyzed fake cryptocurrency wallets that merely try to trick victims into transferring coins to the attackers’ wallets. Such wallet address scams follow a simple procedure – they pretend to generate a public key for a new wallet and instruct users to send their digital coins to the generated address. If users follow this instruction, they soon find that the coins they sent are gone.
With the recent boom in cryptocurrency mining, the number of Android-based miners has also been rising. Whether a crypto-mining app is considered malicious comes down to consent – are users knowingly using their device for cryptocurrency mining, or is the device being hijacked with someone else making the profit? When the latter is the case, we speak of crypto-mining malware.
Recently, we have discovered that a version of the popular game Bug Smasher, installed from Google Play between 1 and 5 million times, has been secretly mining the cryptocurrency Monero on users’ devices.
Apps that pretend to mine cryptocurrency for the user, but in reality do little more than display ads, form a separate category of cryptocurrency scams. Some of the fake miners we’ve analyzed also try to trick users into rating them with 5 stars. While these apps aren’t malware per se, we consider them unwanted due to their deceptive nature.
Interestingly, the fraudsters behind some fake miners don’t seem to worry about the infeasibility of their promises – besides countless fake bitcoin miners, we have also found apps that promise to mine the cryptocurrency Ripple (XRP), a non-minable currency by definition.
All the apps mentioned above are detected and blocked by ESET systems and have been suspended from the Google Play store. Users with Google Play Protect enabled are protected via this mechanism.
Here’s what you can do to avoid falling victim to cryptocurrency scams on Android:
For more on Android-based cryptocurrency scams and their go-to tricks and techniques, see ESET’s white paper: Cryptocurrency scams on Android.
This article was originally published here.