Google Boots Four Malicious Crypto Apps from Play Store
Despite attempts to weed out fake cryptocurrency apps on the Android marketplace, the war is far from being won.
Cybersecurity researcher Lukas Stefanko recently came across four fake crypto apps in the Google Play Store that impersonated Ethereum wallet MetaMask, as well as the Tether and NEO cryptocurrencies. According to Stefanko, the apps have been on the Android marketplace for weeks now and had been downloaded several hundred times. The apps were removed from the Google Play Store as soon as they were reported.
‘Phishing’ Expedition
Stefanko identified the MetaMask app as a phishing application intended to harvest the private key and the wallet password of the user. The rest were fake wallets which when launched were intended to dupe users into thinking that a public address had already been generated when it had not. This was with the intention of leading the user to send funds to the wallet, whose private keys are owned by the creator of the fake wallet. Once sent, the user cannot withdraw these funds since they don’t own the private keys.
Per Stefanko, the fake wallets were created using an app builder service that requires little or no coding skills. With such a low barrier of entry, Stefanko warned, the problem of malicious cryptocurrency apps is likely to continue to get worse.
“That means that – once Bitcoin price rises and starts to make it into front pages – than [sic] literally anyone can “develop” simple but effective malicious app either to steal credentials or impersonate cryptocurrency wallet,” wrote Stefanko in the blog post.
Chrome Web Store
Besides malicious apps on the Google Play Store that the online search giant has had to constantly take down as new ones come up, Google has also experienced similar problems on the marketplace of its Chrome browser. Early last month, Google announced a ban on browser extensions that possess crypto mining capabilities.
Prior to the move, the Chrome Web Store only required developers to explicitly inform users that it was a crypto mining script for such apps to be accepted. This was, however, largely ignored by developers as Google revealed earlier this year that around 90 percent of all the extensions that contained crypto mining scripts had failed to comply with the set policies.
As Google revealed at the time, identifying the offending apps was aided by machine learning:
“We’ve recently taken a number of steps toward improved extension security with the launch of out-of-process iframes, the removal of inline installation, and significant advancements in our ability to detect and block malicious extensions using machine learning.”
Featured Image from Shutterstock
