It seems we might never win the battle against fake cryptocurrency apps on Google’s Play Store, as another four have been identified this week.
The apps were masquerading on the Play Store as cryptocurrency wallets for NEO, Tether, and MetaMask. The dodgy apps were uncovered by security researcher Lukas Stefanko and had managed to amass a few hundred installs in total and have been available on the Play Store since mid-October.
They have since been reported to Google and removed from the Play Store, it remains unclear if anyone was duped by any of these apps.
What did they do?
Despite all being wallet styles apps, they fall into two broad categories, phishing apps or fake wallets.
The fake MetaMask app was the only phishing app of the four. After installing and opening the application, it would ask the user for their private key and wallet password.
Once the app obtains this sensitive data, it would send it on to the scammers, siphoning the users’ cryptocurrency funds as they please.
The second group is all fake wallets. Two were pretending to be NEO wallets and the other for controversial stablecoin Tether .
These apps are hard to spot if you don’t pay close attention.
They appear to display a public key owned by the user, however, these apps are actually displaying the scammer’s public key and QR code, the private key is also owned by the attacker. The address is the same for every account on this app.
This means that any funds deposited into that wallet’s address get sent directly to the scammer’s own wallet. Once this happens the funds can no longer be accessed by the victim.
But, how?
Perhaps most alarming of all is that these apps were created using “AppyBuilder,” a drag-and-drop app builder which requires no coding knowledge to produce a working app.
This means that pretty much anyone could create a basic but malicious app designed to steal cryptocurrency from unwitting victims.
Stefakno recommends that any time you install and login to a new cryptocurrency wallet, make sure it has loaded your own private key . If you can’t find your private key, it’s likely the app has permanent private key that should be considered compromised.
There have been a whole host of illegitimate cryptocurrency apps found on the Play Store in recent months .
Last week EOS developers warned users of a fake version of their own wallet app hosted on the Play Store. Earlier this month, Stefanko also found a Google Play app that used on-screen phishing to steal users’ cryptocurrency exchange login details .
There was even an app that cost over $350 and all you got was a picture of the Ethereum logo .
‘Drug-dealing’ football coach set to join suit against Bitcoin trader over $14M loss
In Australia, a suite of high-profile cryptocurrency investors (which could include accused drug trafficker and former football coach Mark “Bomber” Thompson) are preparing to take their Bitcoin fund manager to court over $14.2 million (AU$20 million) in losses.
Stefanos Papanastasiou (39), founder of what claims to be Australia‘s first online bed retailer, is under fire by a number of disgruntled investors who had been convinced of his power to reduce volatility in the cryptocurrency markets, reports The Age .
Under the name Stefan Papas, he reportedly told clients he had spent $355,000 (AU$500,000) to develop a special computer algorithm capable of providing massive financial returns on money contributed to his fund, dedicated to trading Bitcoin and Ethereum tokens.
Thompson, the disgraced AFL coach and accused ecstasy trafficker , is said to have contributed more than $709,000 (AU$1 million) Papanastasiou’ fund, alongside notable lawyers and business figures.
Property developer Savvas Alexiadis (Sam) and his wife have already taken action. Reported legal documents showed claims of being owed more than $1.9 million (AU$2.7 million) from investments made between July and November 2017 – just as the infamous $20,000 bull market was reaching full steam.
Court documents reveal how Papas operated. “I promise this much, I intend to ensure everyone gets a head start, a huge break or hit the jackpot. It’s there for us to capitalise from,” he wrote in an SMS message. “Sam, the numbers are staggering, seemingly unequivocally within reach. This transition in history, is like no other before it.”
Marshall Islands warned to cancel its ICO or be denied international aid
The Marshall Islands is launching its own cryptocurrency to boost its economy, but it might have run into a brick wall. The International Monetary Fund (IMF) issued a stark warning: cancel the ICO or face being cut off from the US dollar.
The Republic of the Marshall Islands (RMI) is small and remote. It is a sovereign nation, but uses the US dollar for its national currency. An initial coin offering (ICO) is planned that will launch a new cryptocurrency, to be used alongside the US dollar.
The IMF say that the RMI is “[taking advantage] of the growing enthusiasm for cryptocurrencies, together with the innovation of it being a national currency, to generate much-needed income for the government.”
Risk analysis was conducted and spotted by CoinDesk . It requests RMI “reconsider the issuance of the digital currency as legal tender,” as it “elevates the already high risks of losing the last [banking relationship with the] US dollar.”
The IMF also reminded the RMI of its over-exposure to climate change. The RMI relies heavily on external aid, which comes by way of the US dollar. Losing access to that aid would only make things worse.
“The termination of the last [banking relationship with the] US dollar would have significant repercussions to the economy, […] access to US dollar clearing services, and potential disruptions to the flows of external aid,” reads the report.
Cryptocurrency is often presented as protection against economic instability. Most notably, Venezuela attempted to use a sovereign cryptocurrency to curtail ever-increasing hyperinflation. Recent research, though, shows that cryptocurrency is not up to the task .