In line with a recent web blog post published, a researcher named ‘Lukas Stefanko’ has found 4 faux crypto wallets available on the Google’s Play Store that were making an attempt to steal users’ personal information. The apps mentioned themselves as cryptocurrency wallets for NEO, Tether along with an extension for accessing Ethereum [ETH], MetaMask. They were supposedly designed to phish users’ mobile banking credentials and master-card data.
Stefanko classified the crypto wallets into 2 groups, whereby the faux MetaMask application was a “phishing wallet” and the other remaining 3 applications were “fake crypto wallets.” Once the phishing app is installed and launched by a user, it requests the user’s personal key and wallet password,
In a video connected to the web blog post, Stefanko explained his analysis into the “fake crypto wallets,” noting the instance of the faux NEO app dubbed “Neo Wallet”, that had over 1,000 installations since its launch, earlier in October.
The faux crypto wallet reportedly didn’t created a new wallet through generating a public address and private key — that are required to firmly send and receive digital currency — however solely displayed the attacker’s public address with no user access to the private key. Thinking that the app generated their public address, users would deposit their funds to that crypto wallet, but however were unable to withdraw them because the private key belonged to some anonymous hacker.
Stefanko noted that the apps were developed employing the Drag-n-Drop app builder service, that doesn’t need specific coding knowledge from the user. This simply suggests that just about anyone is in a position to “develop” an easy malicious application to steal sensitive personal information, “once the Bitcoin [BTC] price rises.”
The analyst states within the post that he reported the faux application to the Google security team, after which the crypto wallets were lately removed.
Even yesterday, as per a recent news by EtherDesk reported that the official Twitter account of Google’s G Suite was compromised to spread a fake Bitcoin [BTC] giveaway scam.