According to a report from cybersecurity researcher Lukas Stefanko, four fake cryptocurrency apps were listed on the Google Play Store this week.
Three apps Neo Wallet, Tether Wallet, and MetaMask are now in question. These fake cryptocurrency apps were presented since the middle of October but were reported and removed quickly. These apps either impersonate the real cryptocurrency wallets or to phish the cryptocurrency logins of the consumers.
A cybersecurity researcher said:
These malicious apps only display attacker’s public address and not the user’s access to private key. The private keys are owned by the bad guys or hackers. As the fake cryptocurrency apps launched, users think that apps already generated the public addresses where they can deposit their cryptocurrency. But if a user funds to his wallet he’s not able to withdraw afterward as he doesn’t know the private key.
The apps were built using an AppyBuilder which is a drag-and-drop service let anyone use code apps with general knowledge. For cryptocurrency explorers, it’s an important reminder to make sure that your app is loading up your personal private key and not a pre-set key.
Fake cryptocurrency apps are a very hot topic these days as Apple has banned mining apps from its iOS devices. The Google Play Store has been notorious to host malware in the past. Early in 2018, McAfee researchers revealed that Android app store hosts malware aiming to steal photos, contact lists, and even text messages of North Korean detectors.
Some of the apps were impersonating as security apps whereas one was claiming to provide food ingredient information.