According to a recently released blog post, malware researcher Lukas Stefanko has identified four counterfeit cryptocurrency wallets on Google’s Play Store. The blog post outlines that these four wallets were attempting to steal the personal data of users.
These apps were disguised as standard cryptocurrency wallets for Tether, NEO and MetaMask. Their primary purpose was to phish credit card and mobile banking information and credentials from unsuspecting users.
Fake Apps Exposed
In his report, Stefanko categorized the fake wallets into two distinct groups. The first group comprised the fake MetaMask app, which he identified as a “phishing wallet,” while the second group, which included the remaining apps, he classified as “fake wallets.”
According to him, once a user installs and launches the phishing app, it asks them to type in their wallet password and private key.
Stefanko further explained his research findings in a detailed video attached to the blog post. In the video, he also expounds on his research on “fake wallets” and identifies the fake NEO app, which is popularly known as “Neo Wallet,” as one of the examples.
Despite this wallet being a fraud, he noted that it had more than 1,000 installs since it launched in October.
How the Apps Operated
Unlike standard crypto wallets, these four apps skipped the process of creating a new wallet by generating both a private key and a public address, which are necessary to facilitate secure crypto transactions. The fake apps displayed only the public address of the user, with no provision for the user to access the private key.
Assuming that the fake apps had already created their public address, unsuspecting users would deposit funds to these wallets, only to find that they were unable to make withdrawals because the creators of the apps owned the private key.
Stefanko also noted that the creators of these apps used the Drag-n-Drop app builder facility, a service that does not require the user to have specific coding expertise or knowledge. In essence, virtually anyone can develop a similarly malicious app and proceed to steal personal user data. According to Stefanko, such cases can increase significantly, particularly when the price of Bitcoin surges.
In the video, the malware expert also says that after the discovery he contacted the security team at Google to report the incident, after which the fake apps were pulled down from the platform.