Cryptocurrency scams on Android: do you know what to watch out for?


The growing prices and popularity of cryptocurrencies don’t just attract masses of potential users, but also inspire cyber-crooks to find new and creative ways to get their sticky fingers on all those virtual coins. Of course, cryptocurrency scams are not exclusive to PCs and have already emerged on the Android platform, using a wide array of disguises.

Fake cryptocurrency exchange apps

Cryptocurrency exchanges are an attractive target for crooks not only due to their popularity with cryptocurrency enthusiasts, but also because many don’t offer a mobile app. Such “unclaimed territory” acts like a magnet for scammers who waste no time coming up with malicious fakes.

Typically, the purpose of such fake apps is to phish for login credentials to the impersonated official exchange. Attackers then use the stolen credentials to take over the compromised accounts. To lure users into giving away their passwords, crooks try to raise as little suspicion as possible – the developer name, app icon and user interface usually mimic those of the legitimate service, and the app may even appear to have a good overall rating thanks to fake reviews.

A recent example of this type of scam is the series of phishing apps impersonating the cryptocurrency exchange Poloniex, discovered on Google Play last year and frequently resurfacing ever since.

Figure 1 – The fake Poloniex apps on Google Play

Fake cryptocurrency wallet apps

Similar phishing schemes also afflict users of cryptocurrency wallets, only instead of a password, the attackers are directly after the wallets’ private keys and phrases. In practice, this means that the stakes are higher for users of cryptocurrency wallets – a stolen password to a cryptocurrency exchange may be reset with the help of the exchange holding the user’s private key, but in the case of a wallet, it’s the private key that gets compromised, with no one else to save the day.

Lately, we’ve observed this kind of malicious behavior in apps impersonating MyEtherWallet, a popular, open-source, Ethereum wallet. The apps, uploaded to Google Play multiple times over recent months, attempt to steal users’ private keys and/or mnemonic phrases using various bogus login forms. Like the Poloniex exchange, MyEtherWallet doesn’t have an official mobile app, which makes it attractive for imposters.

Figure 2 – The fake MyEtherWallet apps on Google Play

Besides phishing apps, we’ve also analyzed fake cryptocurrency wallets that merely try to trick victims into transferring coins to the attackers’ wallet. Such wallet address scams follow a simple procedure – they pretend to generate a public key for a new wallet and instruct users to send their digital coins to the generated address. If users follow this instruction, they soon find that the coins they sent are gone.

Figure 3 – Wallet address scam apps targeting users of various cryptocurrencies

Android crypto-mining malware

With the recent boom in cryptocurrency mining, the number of Android-based miners has also been rising. Whether a crypto-mining app is considered malicious comes down to consent – are users knowingly using their device for cryptocurrency mining, or is the device being hijacked with someone else making the profit? When the latter is the case, we speak of crypto-mining malware.

Recently, we have discovered that a version of the popular game Bug Smasher, installed from Google Play between 1 and 5 million times, has been secretly mining the cryptocurrency Monero on users’ devices.

Figure 4 – The Bug Smasher app with hidden mining functionality

Fake crypto-miners and free giveaways

A separate category of cryptocurrency scams consists of apps that pretend to mine cryptocurrency for the user, but in reality do little more than display ads. Some of the fake miners we’ve analyzed also try to trick users into rating them with 5 stars. While these apps aren’t malware per se, we consider them unwanted due to their deceptive nature.

Interestingly, the fraudsters behind some fake miners don’t seem to worry about the infeasibility of their promises – besides countless fake bitcoin miners, we have also found apps that promise to mine the cryptocurrency Ripple (XRP), a non-minable currency by definition.

Figure 5 – Fake Ripple miners on Google Play

How to stay safe

Here’s what you can do to avoid falling victim to cryptocurrency scams on Android:

  • Treat cryptocurrency exchanges and wallets with the same level of caution as your mobile banking apps.
  • When downloading a mobile app for a cryptocurrency exchange or wallet, make sure the service really offers a mobile app. The official app should be linked on the service’s official website.
  • If the option is available, use two-factor authentication to protect your exchange or wallet accounts with an extra layer of security.
  • When downloading apps from Google Play, pay attention to their number of downloads, as well as app ratings and reviews.
  • Keep your Android device updated and use a reliable mobile security solution to protect it from the latest threats.
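
For anyone triaging store listings on behalf of users, the "does the service really offer an app" check and the non-minable Ripple observation can be applied mechanically. The Python below is an added example, not code from the article or from ESET; the listing fields, package names and the `OFFICIAL_PACKAGES` registry are constructed assumptions, with the empty entries reflecting the article's statement that Poloniex and MyEtherWallet had no official mobile app.

```python
import re
import unicodedata

# Brand -> package IDs the service links from its own website (assumed registry).
# An empty set means "no official mobile app", which the article states
# for Poloniex and MyEtherWallet at the time of writing.
OFFICIAL_PACKAGES = {
    "poloniex": set(),
    "myetherwallet": set(),
}
NON_MINABLE = {"ripple", "xrp"}  # per the article, Ripple (XRP) cannot be mined
MINING_WORDS = {"miner", "mining", "mine"}


def normalize(title):
    """Lower-case, strip accents and punctuation so 'My-Ether Wallet' still matches."""
    text = unicodedata.normalize("NFKD", title)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"[^a-z0-9 ]", "", text.lower())


def triage(listing):
    """Return the reasons a store listing looks like one of the scams described."""
    words = normalize(listing["title"])
    squashed = words.replace(" ", "")
    tokens = set(words.split())
    reasons = []
    for brand in sorted(OFFICIAL_PACKAGES):
        if brand in squashed and listing["package"] not in OFFICIAL_PACKAGES[brand]:
            reasons.append(f"impersonates {brand}: package not linked by the service")
    if tokens & NON_MINABLE and tokens & MINING_WORDS:
        reasons.append("promises to mine a non-minable currency")
    return reasons


SAMPLE_LISTINGS = [  # constructed sample data, not real store entries
    {"title": "Poloniex Exchange", "package": "com.example.polo"},
    {"title": "My-Ether Wallet", "package": "com.example.mew"},
    {"title": "XRP Miner - Free Ripple", "package": "com.example.xrpminer"},
    {"title": "Weather Today", "package": "com.example.weather"},
]

if __name__ == "__main__":
    for app in SAMPLE_LISTINGS:
        print(app["title"], "->", triage(app) or "no flags")
```

Name matching of this kind does not catch look-alike characters from other alphabets, and the registry has to be kept in step with what each service actually publishes on its website.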

For more about Android-based cryptocurrency scams and their go-to tricks and techniques, read ESET’s white paper: Cryptocurrency scams on Android.

written by Lukas Stefanko, We Live Security

