After non-stop malware attacks, Android users have a couple of new threats to worry about and these include cryptocurrency miners and fake wallets on Google Play Store. In October this year, it was reported that a Monero mining malware was hiding behind three utility apps and used the computing power of Android devices to generate digital coins.
Fake Bitcoin wallet apps on Google Play
Now, the IT security researchers at Lookout have found three fake Bitcoin wallet apps on Play Store developed with the intention to steal Bitcoin-related data from users. Thanks to its sudden price hike, everyone wants Bitcoins and hackers are ever ready to exploit at every turn.
How did it work
According to Lookout blog post, all three fake wallet apps tricked users into sending bitcoin payments to attacker-specified bitcoin addresses. The researchers dubbed these type of apps as “PickBitPocket.” An app infected with PickBitPocket works in such a way that it poses as an authentic Bitcoin wallet but instead are set up to trick victims into providing the attacker’s bitcoin address instead of the seller’s.
“An individual is selling some goods or services and allows payment in bitcoin. The seller provides a bitcoin address to the buyer for the payment. If the seller is using a PickBitPocket wallet app, he will instead send the attacker’s bitcoin address to the buyer, in effect routing the bitcoin payment to the attacker,” explained researchers.
Here is the list of fake Bitcoin wallet apps:
1: Bitcoin Mining
The first app that was identified by Lookout researchers was called Bitcoin Mining developed by Pyramix Studio. It had more than 1000, to 5000 installs while one of the users wrote in the menu section that “This app tried to steal my Google password.”
According to app’s description, the developer claimed “Bitcoin Mining” is “the most reliable and highest paying app available” while in reality, it was stealing data once installed on the device.
2: Blockchain Bitcoin Wallet – Fingerprint
The second malicious app was called “Blockchain Bitcoin Wallet – Fingerprint” and had 5,000 to 10,000 installs claiming to provide buy and sell service for the digital currency. A look at its reviews, one can see that users had no idea what the application actually does.
3: Fast Bitcoin Wallet
The third app was “Fast Bitcoin Wallet” that claimed to provide best digital currency experience on Android devices. However, in reality, it stole user credentials including buyer’s Bitcoin wallet address.
Image credit: Lookout/GooglePlay
Google boots off all three apps
Thanks to Lookout researchers for reporting their findings to Google who booted off all three apps immediately, but the bad news is that these apps were scamming users for last several months. For instance, Bitcoin Wallet app was up and running since June 2017.
Not for the first time
This is not the first time when Google removed apps which were stealing users’ personal data and using their device to steal and mine cryptocurrencies. A couple of days ago, Kaspersky researchers found Loapi malware that targets Android devices in five different ways including physically damaging a phone, conducting DDoS attacks, run fraud scheme and mine cryptocurrencies using the computing power of an infected device.
Android users beware
If you are an Android user it is time to be vigilant and follow these steps to protect your device against serious threats:
1: Do not install unnecessary apps 2: Do not install apps from third-party stores and stay vigilant while downloading an app from Google Play Store. 3: Do not save important passwords on your device 5: Back up your phone on regular basis. 4: Use an antivirus program
You can also check these 7 Android security tips we have compiled for Android users.
