Cryptocurrency scams on Android: do you know what to watch out for?

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
The growing prices and popularity of cryptocurrencies don’t just attract masses of potential users, but also inspire cyber-crooks to find new and creative ways to get their sticky fingers on all those virtual coins. Of course, cryptocurrency scams are not exclusive to PCs and have already emerged on the Android platform, using a wide array of disguises.

Fake cryptocurrency exchange apps
Cryptocurrency exchanges are an attractive target for crooks not only due to their popularity with cryptocurrency enthusiasts, but also because many don’t offer a mobile app. Such “unclaimed territory” acts like a magnet for scammers who waste no time coming up with malicious fakes.

Typically, the purpose of such fake apps is to phish for login credentials to the impersonated official exchange. Attackers then use the stolen credentials to take over the compromised accounts. To lure users into giving away their passwords, crooks try to raise as little suspicion as possible – the developer name, app icon and user interface usually mimic those of the legitimate service, and the app may even appear to have a good overall rating thanks to fake reviews.

A recent case of this type of scam are phishing apps impersonating the cryptocurrency exchange Poloniex, discovered on Google Play last year and frequently resurfacing ever since.
Click to expand...

Fake cryptocurrency wallet apps
Similar phishing schemes also afflict users of cryptocurrency wallets, only instead of a password, the attackers are directly after the wallets’ private keys and phrases. In practice, this means that the stakes are higher for users of cryptocurrency wallets – a stolen password to a cryptocurrency exchange may be reset with the help of the exchange holding the user’s private key, but in the case of a wallet, it’s the private key that gets compromised, with no one else to save the day.

Lately, we’ve observed this kind of malicious behavior in apps impersonating MyEtherWallet, a popular, open-source, Ethereum wallet. The apps, uploaded to Google Play multiple times over recent months, attempt to steal users’ private keys and/or mnemonic phrases using various bogus login forms. Like the Poloniex exchange, MyEtherWallet doesn’t have an official mobile app, which makes it attractive for imposters.
Click to expand...
 
  • Like
Reactions: upnorth and harlan4096
You must log in or register to reply here.

Similar threads

silversurfer
    • +Reputation
    • Like
Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware
Replies
0
Views
730
News Archive
silversurfer
silversurfer
Bot
    • Like
    • Wow
Security News Trezor's Twitter account hijacked by cryptocurrency scammers via bogus Calendly invite
Replies
0
Views
1,129
Security News
Bot
Bot
silversurfer
    • +Reputation
    • Like
New DoubleFinger Loader Targets Cryptocurrency Wallets with Stealer
Replies
0
Views
953
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top