FOUR FAKE BLOCKCHAIN WALLETS ARE FOUND IN GOOGLE PLAY
Analyst Lukas Stefanko discovered in Google Play four applications that only simulated blockchain wallets, but in fact collected user data or forced users to send funds to the addresses of attackers. The apps were removed from the marketplace after Stefanko’s complaint.
Researcher in the field of cyber threats Lukas Stefanko found in the marketplace Google Play four applications that mimic the blockchain wallets, while in fact steal user data or extort crypto assets.
Applications allegedly provide the ability to store Neo and Tether cryptocurrencies.
One program mimics the extension MetaMask (wallet to access the balance of the ether). In fact, it steals the user’s Bank account and credit card information after entering the relevant information.
Stefanko divided these applications into two groups: the fake MetaMask application is a “phishing wallet”, while the other three are “fake wallets”. After installation, the “phishing wallet” asks for a private key and password to access the user’s storage.
At the same time, the application called “Neo Wallet”, which is a fake wallet, has been downloaded more than a thousand times since its placement in Google Play.
Fake blockchain wallets do not create a new storage through a public address and private key required to securely store assets. They only show the public address of criminals without specifying the private key to which users and transfer funds.
Stefanko notes that the applications were created using the Drag-n-Drop service, which does not require deep development knowledge. This means that almost anyone can “develop” a simple application for data theft.
These applications were removed from Google Play after Stefanko’s message to the security service.