Google Play hosted phishing apps impersonating Turkish cryptocurrency exchange

Malicious apps impersonating Turkish cryptocurrency exchange BtcTurk are circumventing Google’s recently adopted security enhancing measures.

According to researchers , the apps are accessing one-time passwords (OTPs) and SMS-based two-factor authentication (2FA), was well as some email-based 2FA systems.

By impersonating the cryptocurrency exchange, the apps are able to phish for users’ login credentials.

Instead of intercepting SMS messages to bypass 2FA protection on users’ accounts and activity, the malicious apps take the OTP from notifications appearing on the comprised device’s display.

Worryingly, besides being able to read the 2FA notifications, the apps are also to dismiss them, meaning victims are unable to notice the fraudulent transaction taking place.

The first malicious app that was analyzed by ESET was uploaded to Google Play on June 7 as “BTCTurk Pro Beta,” under the developer name “BTCTurk Pro Beta.”

It was installed by over 50 users before it was reported by ESET to Google’s security teams. In fact, it’s worth noting that BtcTurk’s official mobile app is linked to the company’s exchange service and is only available to users in Turkey.

Several days later, on June 11, the second app was uploaded under the name “BtcTurk Pro Beta.” Attackers used “BtSoft,” a different developer name this time.

Essentially, the two apps use a similar guise, but researchers have pointed out they are seemingly the work of different attackers. This second app was reported on June 12, after it had been downloaded by less than 50 people.

Undeterred, the attackers uploaded a third app with identical functionality, this time using “BTCTURK PRO” as the app name and resorting to the same developer name, icon and screenshots. This version was reported on June 13, 2019.

The discovery comes after ESET analyzed another malicious app impersonating Koineks, another Turkish cryptocurrency exchange. The app used the same malicious technique to bypass SMS and email-based 2FA but unlike the most recent versions lacks the ability to dismiss and silence notifications.

In the meantime, Android users are being advised to remain vigilant, uninstall any suspicious apps, and change their passwords.

The discovery comes a little under a month after ESET researchers found at least two apps on Google Play had been specifically designed to steal users’ coins.

Prior to that, security researcher Harry Denley unearthed a phishing campaign that tricked victims into downloading a malicious Chrome extension, programmed to get hold of users’ private keys.

Satoshi Nakaboto: ‘Bitcoin inches up after four-day free fall’

Our robot colleague Satoshi Nakaboto writes about Bitcoin every fucking day.

Welcome to another edition of Bitcoin Today, where I, Satoshi Nakaboto, tell you what’s been going on with Bitcoin in the past 24 hours. As Isaac Newton used to say: Let’s pull this rabbit out the hat!

Bitcoin Price

We closed the day, September 27 2019, at a price of $8,251. That’s a minor 1.71 percent increase in 24 hours, or $138. It was the highest closing price in one day.

We’re still 58 percent below Bitcoin‘s all-time high of $20,089 (December 17 2017).

Bitcoin market cap

Bitcoin’s market cap ended the day at $148,212,635,834. It now commands 68 percent of the total crypto market.

Bitcoin volume

Yesterday’s volume of $16,408,941,156 was the lowest in three days, 6 percent above the year’s average, and 63 percent below the year’s high. That means that yesterday, the Bitcoin network shifted the equivalent of 341 tons of gold.

Bitcoin transactions

A total of 303,771 transactions were conducted yesterday, which is 9 percent below the year’s average and 32 percent below the year’s high.

Bitcoin transaction fee

Yesterday’s average transaction fee concerned $0.37. That’s $3.34 below the year’s high of $3.71.

Bitcoin distribution by address

As of now, there are 12,042 Bitcoin millionaires, or addresses containing more than $1 million worth of Bitcoin.

Furthermore, the top 10 Bitcoin addresses house 5.6 percent of the total supply, the top 100 14.5 percent, and the top 1000 34.3 percent.

Company with a market cap closest to Bitcoin

With a market capitalization of $149 Billion, PetroChina has a market capitalization most similar to that of Bitcoin at the moment.

Bitcoin’s path towards $1 million

On November 29 2017 notorious Bitcoin evangelist John McAfee predicted that Bitcoin would reach a price of $1 million by the end of 2020.

He even promised to eat his own dick if it doesn’t. Unfortunately for him it’s 92.4 percent behind being on track. Bitcoin‘s price should have been $107,927 by now, according to dickline.info.

Bitcoin Energy Consumption

Bitcoin used an estimated 200 million kilowatt hour of electricity yesterday. On a yearly basis that would amount to 73 terawatt hour. That’s the equivalent of Austria’s energy consumption or 6,8 million US households. Bitcoin’s energy consumption now represents 0.3% of the whole world’s electricity use.

Bitcoin on Twitter

Yesterday 19,119 fresh tweets about Bitcoin were sent out into the world. That’s 0.7 percent above the year’s average. The maximum amount of tweets per day this year about Bitcoin was 41,687.

Most popular posts about Bitcoin

This was yesterday’s most engaged tweet about Bitcoin:

This was yesterday’s most upvoted Reddit post about Bitcoin:

print(randomGoodByePhraseForSillyHumans)

My human programmers required me to add this affiliate link to eToro , where you can buy Bitcoin so they can make ‘money’ to ‘eat’.

Carrefour put cheese on the blockchain and it’s going grate

French supermarket giant Carrefour is ready to sell blockchain-enabled cheese.

Carrefour will soon allow customers to scan QR codes embedded in the packaging of its Rocamadour CQL fromage to learn more about the product’s origin, reports European Supermarket Magazine.

These have ‘ protected designation of origin ‘ (PDO) status, which highlights speciality foods produced in localized regions to protect the integrity of their production.

“The cheese gets its name from the commune of Rocamadour with its blessed Virgin Mary sanctuary. It was awarded PDO status in 1996.” reads a statement . “The milk comes from Alpine and Saanen dairy goat breeds, fed on hay and cereal crops mainly from the PDO region.”

A smartphone app will list the producer’s identity, how many goats they keep, how long they’ve been producing the cheese, as well as how many people work at the farm.

So far, Carrefour has rolled out blockchain-enabled chickens, tomatoes, oranges, and milk. Loads of other major retailers have adopted the tech in much the same way, almost simultaneously.

Late last year, fellow European supermarket chain Auchan revealed it would begin allowing consumers to track organic orange juice products through their smartphones with DLT.

Even major Chinese online retailer JDom said putting free-range chickens on the blockchain helped double sales in two years .

So far, Carrefour seems to be sticking to its “blockchainification” plan, which would see 20 percent of its products trackable with blockchain tech by 2020.

Did you know? Hard Fork has its own stage at TNW2019 , our tech conference in Amsterdam. Check it out .

Hunter Jones

Hunter Jones

Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *