So far, these fake Android app developers have managed to steal money from 93,000 users and raked in around $350,000.
Lookout Threat Lab security researchers identified more than 170 fake Android applications, out of which 25 were available on Google Play and scammed people interested in investing in cryptocurrencies.
As for the apps on third-party sites, most of them are still available globally and promise to provide “cloud cryptocurrency mining services for a fee.” However, further investigation revealed that no such mining activity takes place. It is assumed that tens of thousands of crypto enthusiasts might have already paid for non-existent services.
“After analyzing the code and network traffic, we also discovered the apps display a fictitious coin balance and not the number of coins mined,” researchers noted.
Moreover, users cannot withdraw coins unless their account balance reaches a minimum limit, and since balances are frequently reset to zero, this milestone is hardly ever achieved. The good news is that Google has removed the malicious apps from the Play Store.
Apps Separated into Two Groups
According to Lookout Threat Lab researchers, the apps have been categorized into two groups, BitScam and CloudScam. However, it is worth noting that the apps use similar business models, coding, and design, which indicates that multiple threat actors are working in conjunction to target users.
Their “raison d’être is to steal money from users through legitimate payment processes” without delivering the promised services.
“The majority of BitScam and CloudScam apps are paid… the threat actors pocket the money from those app sales… What makes BitScam different is that its apps also accept Bitcoin and Ethereum as payment options.”
93,000 Users Affected, $350,000 Scammed
Researchers noted that so far, these fake app developers have managed to steal money from 93,000 people and raked in around $350,000, which unsuspecting users paid for fake apps and for non-existent upgrades and services.
The fraudsters stole around $300,000 from the sales of the fraudulent apps and earned an additional $50,000 in crypto from victims for additional services.
How Are Users Trapped?
The process of scamming users is more or less the same for both categories of fake apps. The apps promise users access to cryptocurrency mining services so that they can make a quick buck. The scammers reportedly charge for the app download, subscription upgrades, and virtual hardware, which users buy expecting to increase coin mining rates.
The process is explained by Lookout security researcher Ioannis Gasparis.
“After successfully logging in, a user is greeted with an activity dashboard that displays the available hash mining rate as well as how many coins they have ‘earned.’ The hash rate displayed is typically very low in order to lure the user into buying upgrades that promise faster mining rates.”
The virtual hardware costs range from $12.99 to $259.99. Users can purchase it through Google Pay or by transferring Bitcoin or Ethereum to the developer’s wallet.
Nevertheless, cryptocurrency investment is a lucrative business, so stay vigilant when investing and don’t fall for these scams.