In line with a recent web blog post published, a researcher named ‘Lukas Stefanko’ has found 4 faux crypto wallets available on the Google’s Play Store that were making an attempt to steal users’ personal information. The apps mentioned themselves as cryptocurrency wallets forNEO, Tetheralong with an extension for accessing Ethereum [ETH], MetaMask. They weresupposedlydesigned to phish users’ mobile banking credentials andmaster-carddata.
Stefanko classified the crypto wallets into2groups,wherebythefauxMetaMask application was a “phishing wallet”and theother remaining3applications were “fake crypto wallets.” Once the phishing app isinstalled and launched by a user, it requests the user’spersonalkey andwallet password,
In a videoconnectedto theweb blogpost, Stefanko explained hisanalysisinto the “fake crypto wallets,” notingthe instanceof thefauxNEOapp dubbed “Neo Wallet”,thathad over1,000 installations since its launch, earlier inOctober.
Thefauxcryptowallet reportedlydidn’tcreateda newwallet through generating a public address and private key —thatarerequiredtofirmlysend and receive digital currency —howeversolelydisplayed the attacker’s public address with no user access to the private key. Thinking that the app generated their public address, users would deposit their fundsto that crypto wallet, but however were unable to withdraw thembecause theprivatekey belonged to some anonymous hacker.
Stefanko noted that the apps were developedemployingthe Drag-n-Drop app builder service,thatdoesn’t needspecificcodingknowledge from the user.This simply suggeststhat just aboutanyoneis in a positionto “develop”an easymalicious application to steal sensitive personal information, “once the Bitcoin [BTC]pricerises.”
The analyst stateswithin thepost that hereportedthefauxapplication to the Google security team,afterwhichthe crypto wallets werelatelyremoved.
Even yesterday, as per a recent news by EtherDesk reportedthat the official Twitter account of Google’s G Suite was compromisedto spreada fake Bitcoin [BTC] giveaway scam.