Thursday, October 10, 2024
HomeAndroidFake cryptocurrency Wallets Apps on Google Play Steal User Credentials and Mimic...

Fake cryptocurrency Wallets Apps on Google Play Steal User Credentials and Mimic as Legitimate Wallets

Published on

Fake cryptocurrency wallet apps in Google play aimed at stealing user credentials or impersonate as cryptocurrency wallets.

Security researcher Lukas Stefanko discovered four such fake apps in Google play that mimics the legitimate services including NEO, Tether, and MetaMask.

Fake cryptocurrency wallet apps Functionality 

Among the four fake apps, MetaMask app poses a fake request form to steal user private key and wallet password.

- Advertisement - EHA

Other three apps trick the user’s by generating public address and private key. If user’s try to generate public address and private key the malicious shows only the attacker’s public address.

If user’s deposit funds to that address they then it is not possible to withdraw it without the private key.

Stefanko tested the app by creating multiple accounts and he got the same public address, including the QR code. He posted a video with the detailed code analysis. That app’s found built in Drag-n-Drop builder service without any coding knowledge.

Fake cryptocurrency wallet

Common Tips to Catch Fake Android App

Look at the publish date. A fake app will have a recent published date.
Do a little research about the developer of the app you plan to install.
Very important – read all app permissions carefully.

Common Defences On Mobile Threats

Give careful consideration to the permission asked for by applications.
Download applications from trusted sources.
Stay up with the latest version.
Encrypt your devices.

Also Read

Stop DDoS Attacks In 10 Seconds – Organization’s Most Important Consideration for DDOS Attack Mitigation

DDoS Attack Prevention Method on Your Enterprise’s Systems – A Detailed Report

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Octo2 Android Malware Attacking To Steal Banking Credentials

The original threat actor behind the Octo malware family has released a new variant,...

New Android Spyware As TV Streaming App Steals Sensitive Data From Devices

Recent research has revealed a new Android malware targeting mnemonic keys, a crucial component...