On November 13, malware researcher Lukas Stefanko reported on his blog that he had found four fake applications on the Google Play Store that tried to trick users, either by luring them into handing over their credentials or by impersonating cryptocurrency wallets. These threats imitate legitimate services for NEO, Tether and MetaMask. Stefanko reported the apps to the Google security team and they were promptly removed.
The researcher divided the four apps into two categories. The first is the phishing category, where the malicious app, once launched, asks the user for their private key and wallet password. That is the case for the fake MetaMask app.
The second category is fake wallets. In this category Stefanko found three more apps created by the same attacker – NEO Wallet, Tether Wallet.
Fake cryptocurrency wallets do not create a new wallet by generating a public address and private key. These malicious apps only display the attacker’s public address, and the user has no access to the private key. The private key is owned by the bad guy. Once the fake app is launched, the user thinks the app has already generated a public address to which they can deposit cryptocurrency. If the user sends funds to this wallet, they cannot withdraw them, because they do not own the private key.
“What concerns me the most is that these fake wallets were created using a Drag-n-Drop app builder service without any coding knowledge required. That means that – once Bitcoin price rises and starts to make it into front pages – then literally anyone can “develop” a simple but effective malicious app either to steal credentials or impersonate a cryptocurrency wallet,” concludes the researcher.