Fake bitcoin wallet apps have emerged in the Apple iTunes App Store, potentially putting bitcoin accounts at risk and reinforcing the need for people to make sure they are downloading apps from official wallet websites, according to Kyt Dotson, a senior editor at Silicon Angle.
A representative of Breadwallet, a bitcoin app available in App Store and Google Play, has posted a notice on Reddit listing a number of fake bitcoin wallet apps in the iTunes App store, calling into question Apple’s vetting process.
The fake apps have names similar to the official mobile wallet apps, but they can leave users vulnerable to having their accounts compromised.
The Reddit post noted Apple would hopefully disable the fake apps.
In the meantime, wallet users are advised to use links provided on the wallets’ official websites rather than going through iTunes or Google Play. This way, a user can be sure the wallet app they want to download is the one intended to be downloaded.
A fake “GreenAddress” wallet on iTunes, for example, has an ID number of “id1139753685.” When Silicon Angle went to GreenAddress’s website, it opens up a page for the official GreenAddress iOS app with a different ID number than the one in iTunes.
The fake GreenAddress wallet also says that it is from “Green Address,” but the official GreenAddress wallet lists “Jersey Studios” as its developer.
The Breadwallet Reddit post noted a fake app was added on July 29 that used the same name and icon as the official Breadwallet app.
Apple did not remove the fake Breadwallet app until a few customers inadvertently downloaded the fake app and lost funds, despite the fact that Breadwallet had contacted Apple immediately.
John Casaretto, the founder of BlackCert, an SSL security certificate company, said Apple’s ecosystem has been relatively impenetrable against nefarious applications, junk, and malware for a long time. However, that is no longer the case. The Apple Developer Program, the application development signing certificates, and the application review process, have been negated by a few malicious apps.
Assumptions can get people into trouble, Casaretto said, particularly when a financial target like bitcoin is involved. He said it is safest to source official apps.
Nor is it the first time mobile apps have emerged that can target people with bitcoin wallets.
Third party, downloadable Android apps, some infected with malware, have existed since the beginning of Pokemon GO. Such backdoor apps can compromise the security of bitcoin wallets stored on the same mobile device.
The problem is not restricted to iTunes. Fake apps get into Google Play for Android and other marketplaces.
In 2012, there were numerous fake apps in Google Play, many of which were Trojans masquerading as games and other apps.
In 2016, malware infected apps named “porn clicker” spread through the Android ecosystem.
A report from Kaspersky Lab, the security consultancy, noted mobile malware tripled in 2015 over 2014, with 884,774 new malicious programs detected. Mobile banking Trojans, which are fake apps designed to look like mobile banking apps, dropped to 7,030 from 16, 586 in 2014, but it’s still an alarming number.
Dotson recommended a resource from MalwareBytes Lab. Number 4, “install anti-virus,” and number 5, “download only from trusted sites,” are needed to protect against mobile malware.
There are anti-virus products for mobile such as Avast, Lookout, Avira and Antivirus, for which there are iTunes and Android versions.
On Reddit, breadwallet_dan listed the following offending apps:
GreenAddress – Bitcoin Wallet https://itunes.apple.com/us/app/greenaddress-bitcoin-wallet/id1139753685?mt=8
Simple Bitcoin Wallet https://itunes.apple.com/us/app/simple-bitcoin-wallet/id1138700421?mt=8
Simple Bitcoin Wallet ™ https://itunes.apple.com/us/app/simple-bitcoin-wallet/id1140433170?mt=8
GreenBits Bitcoin Wallet https://itunes.apple.com/us/app/greenbits-bitcoin-wallet/id1138675915?mt=8
Bitcoin Wallet https://itunes.apple.com/us/app/bitcoin-wallet/id1137555856?mt=8
Bitcoin Armory Wallet – bitcoin offline wallet https://itunes.apple.com/us/app/bitcoin-armory-wallet-bitcoin/id1139569125?mt=8
Blockchain – Offline Bitcoin Wallet https://itunes.apple.com/us/app/blockchain-offline-bitcoin/id1140411956?mt=8
BitcoinCore – Bitcoin Wallet https://itunes.apple.com/us/app/bitcoincore-bitcoin-wallet/id1140170409?mt=8
Featured image from GongTo via Shutterstock.
Last modified: October 17, 2019 03:53 UTC