Google Play Store has recently begun what one would call the great app purging. Ever since BTC prices went through the roof, hundreds of fake crypto apps have surfaced in Google’s Play Store.
Disguised as legitimate crypto wallets, these apps only phish the users’ credentials without making a single deposit in their online crypto accounts.
According to ESET, the fake apps have been downloaded at least 1,000 times, but no user reported any modifications in their e-wallets. The pressure to purge the fake apps is high since the stolen credentials can be used in future attacks.
What are the ramifications of the fake crypto wallets wave?
According to an ESET blog post dating back to the 23rd of May, users’ legit e-wallets may be at risk if they decide to download and use apps other than Trezor or similar. Unfortunately, it’s next to impossible to distinguish between legitimate and fraudulent crypto wallet apps.
In the aforementioned blog post, researchers noted that all curated Google Play Store apps were disguised as legit Trezor affiliates.
Their descriptions, logos, and user feedback aroused no suspicion. However, a closer inspection revealed that the apps had no Trezor branding, nor were they in any way connected to an actual e-wallet.
Instead, the app would transfer BTC to an unknown crypto wallet. Basically, all of these apps are phishing attempts engineered to steal credentials and cryptocurrency.
What is there to be done?
Despite Google’s best efforts, the fake apps continue appearing in the Play Store. As ESET explained, the growing number of phishing attempts has very much to do with the rising BTC prices.
So, in order to ensure that those BTCs go where they’re supposed to, you should only download and use legitimate applications that contain links to Trezor’s website or a similar platform.
You should also avoid entering sensitive information into apps and platforms that ask you to complete forms.
As unlikely as this may seem, online security researchers believe that fake apps don’t actually pose a security threat to users.
However, they did warn that the email addresses and other credentials collected through the apps might be used in future phishing attacks.
What it all boils down to is this. At this very moment, there are literally hundreds of unchecked BTC wallets on Google’s Play Store.
Choose the wrong one, and you might end up transferring bitcoins into someone else’s e-wallet. What’s worse is that there’s no way of telling if the app is legit or fake.
The online security researchers making this assessment revealed that they were able to figure out that the apps are not what they claim to be by taking apart the code.
Of course, if you have the knowledge, you can perform a sort of background check before using the application.
Otherwise, we would recommend you stick with the official apps. It might be a good idea to download the apps from the company’s website, although that’s not a surefire way to dodge hackers since links can be hijacked.
What’s your take on the G Play’s discovery? Hit the comments section and let us know.