Fake Crypto Wallet Apps Discovered in Google Play, Built Using Drag-n-Drop

The Google Play store is not home only to banking trojans as security researcher Lukas Stefanko discovered after finding four malicious Android apps camouflaged as fake cryptocurrency wallets. 

Moreover, the apps found by Stefanko used two different methods to help the bad actors who developed them to get their paws on the target's cryptocurrency funds.

MetaMask, the first one of them impersonates a legitimate service which allows you to "run Ethereum apps right in your browser" but describes itself as a multi-currency wallet on the Google Play store.

This fake wallet app used phishing tactics to steal the victim's credentials wallet password and private key. As a bonus, according to the screenshot of its Google Play store page provided by the researcher, the metal mask was also displaying ads probably as an extra revenue stream.

No comments:

Post a Comment