- An app designed to steal cryptocurrency owners’ details has been uncovered
- The app was promoted as a currency converter but ran phishing software in devices’ background
- It has since been taken down by Google
The subject of cryptocurrency apps is a complicated one. On one hand, apps, in general, make the process of trading and managing cryptocurrency flow easier for users. On the other hand, there has been the growing problem of malicious cryptocurrency apps that sometimes act as phishing tools.
While a number of platforms like the Google play store have tried to contain the problem, some still manage to slip through the cracks. Such was the case when an app was exposed by Security and malware researcher Lukas Stefanko who released a video showing how an app distributed by the Google play store steals user info.
The app in question is called Easy Rates Converter and is advertised as a currency conversion tool. Apparently, it actually serves as a way to steal the login info of cryptocurrency wallet holders.
The app was deliberately targeting the login details of several popular cryptocurrency wallet apps including CommBank, Google Play, and the official Binance app.
At the time the video was released, the app has already been downloaded over 500 times.
The way the scam works is that the app is downloaded and appears to work normally.
Unbeknownst to the user, it installs a phishing application in the background. Most users would be unaware of this as the application is designed to look like an Adobe Flash update which is a common tactic used by hackers.
When the user then opens one of their legitimate cryptocurrency apps, a fake activity page bearing the likeness of the app opens, asking for login details.
This page collects the user’s details and sends them to the hackers, as demonstrated by Stefanko.
On a larger scale
The problem with this is that the phishing can take place not only for cryptocurrency apps but for regular banking apps as well.
Google has taken the app off their platform but this brings up the larger problem of phishing apps targeting cryptocurrency holders. In cases like this, the apps actually function as they are supposed to besides stealing information, which deceives users.
Phishing is a huge issue in the cryptocurrency community with several incidents taking place this year, including one targeting Ripple.
Cryptocurrency wallet holders have been advised to be wary of new and unverified apps and as much as possible, only use official apps from well-known platforms.