Malware researcher Lukas Stefanko has discovered four fake cryptocurrency wallets on the Google Play Store. He believes the apps were placed in the Play Store with the sole objective of stealing their users' personal data or information.
The apps posed as cryptocurrency wallets, imitating legitimate services for NEO and Tether as well as MetaMask, an extension for accessing Ethereum (ETH). They were purportedly designed either to trick users into entering their credentials or to impersonate the cryptocurrency wallets.
Fake cryptocurrency apps
In his blog post, Stefanko explained, “Fake cryptocurrency wallets do not create a new wallet by generating public address and private key. These malicious apps only display attacker’s public address without user’s access to private key. Private key is owned by the bad guy.”
“Once the fake app is launched, user thinks that the app has already generated his public address where user can deposit his cryptocurrency. If user sends his funds to this wallet, he is not able to withdraw them because he doesn’t own private key.”
Stefanko classified the wallets into two categories: phishing wallets and fake wallets. The MetaMask app was a phishing wallet, while the other three were fake wallets. Once the phishing app is installed, it asks the user to enter their private key and wallet password.
Fake MetaMask app
The apps were developed using the Drag-n-Drop app builder service, which does not require specific coding knowledge. Stefanko expressed concern that anyone can develop malware and secretly extract personal information and data.
Stefanko’s words on the ease of developing fake apps echoed the thoughts of Rick McElroy, strategist at cybersecurity firm Carbon Black, who had earlier highlighted the issue. He had stated that developing and distributing malware was ‘extremely easy.’
The blog post also included a video in which Stefanko explained his research into the ‘fake wallets,’ noting the example of the fake NEO app dubbed ‘Neo Wallet,’ which had over 1,000 installs since its launch in October.
Immediately after identifying the fake wallets, Stefanko reported the issue to the Google security team, which promptly removed them.
Just last week, a group of EOS developers from Brazil warned its users that a fake SimplEOS app was available on the Google Play Store and that all measures were being taken to avert any calamities. The Poloniex exchange raised a similar alert that a look-alike phishing app was present in the Google Play Store.