Computer engineer Lukas Stefanko has recently reported that he had found four fake cryptocurrency wallets in the Google Play Store that were posing as virtual wallets for Tether, an extension access to Ethereum (ETH), NEO and MetaMask.
According to the study published on the malware researcher blog, the apps that were presented as cryptographic wallets were created with the purpose of duplicating user’s credit cards data as well as their mobile banking credentials.
“Recently, I found four fake applications on Google Play Store that tried to trick users either in to luring their credentials or impersonating cryptocurrency wallets. These threats imitate legitimate services for NEO, Tether and MetaMask”, Stefanko explained.
In that sense, the ESET cybersecurity expert classified the wallets into 2 groups. On the first group, he put the fake MetaMask app and described it as a “phishing wallet” while the other three apps were classified as “fake wallets”, all created by the same hacker.
In the malicious copy of MetaMask case, once the phishing app is installed, it request’s the user for his or her private key and wallet password.
Similarly, he adds that the sham wallets do not generate a new wallet by creating a public address and a private key, which is the regular procedure to carry out transactions in a secure manner, instead, it gave the client a public address but the key remained in the hacker’s hands.
This, of course, prevents the victim from withdrawing funds from his wallet, since he does not have the keys to do it.
Stefanko, also revealed in the publication, that once he identified the four apps, he reported them to the Google security team and they were eliminated soon after.
About Lukas Stefanko
He is a computer engineer who studied at the Technical University of Kosice in Slovakia and joined the company that develops antivirus and security solutions for home and corporate devices ESET, in which he has worked as a malware analyst since 2011.
Stefanko is also recognized for having published in his Twitter account, about a month ago, a list of 15 popular apps that contain a virus, among which are Allconvert, MyCookBook, Converto, CryptoWall, Coincheck, Sportify, Exchange Calculator Plus and several others.
One of the biggest disadvantages of the growing cryptographic ecosystem is the constant threat of cyber-attacks, since the popularity and value of cryptocurrencies make them a recurrent target, which motivates evildoers to look for new and sophisticated ways to steal them.
One of the most popular digital theft schemes in recent years is phishing, also known as “identity theft”, which consists in the use of computer tools to try and acquire a person’s confidential information such as their private keys, credit cards information, etc.
In phishing, the cybercriminal poses as a person or company that through emails, an instant messaging system and even using phone calls, tries to clone private data of a person to access their accounts and steal their money.