Cyber threats researcher Lukas Stefanko has discovered four applications in the Google Play marketplace that mimic blockchain wallets, while actually stealing user data or extorting cryptoactives.
Applications supposedly have the ability to store cryptocurrency NEO and Tether.
One program mimics under the MetaMask extension (wallet for access to the balance of the air). In fact, it steals the user’s bank account and credit card information after entering information.
The fake MetaMask application is a “phishing wallet”, while the other three are “fake wallets”. After installing the “phishing wallet” requests a private key and password to access the user’s store.
At the same time, the application called “Neo Wallet”, which is a fake wallet, has been downloaded over a thousand times since it was posted on Google Play.
Stefanko told about his studies in detail in the video.
Fake blockchain wallets do not create a new repository through a public address and private key, necessary for safe storage of assets. They only show the public address of the criminals without indicating the private key to which users and transfer funds.
Stefanko notes that the applications were created using the Drag-n-Drop service, which does not require deep knowledge of development. This means that almost everyone can “develop” a simple data theft application.
The specified applications have been removed from Google Play after the message of Stefanko to the security service of the service.
According to a study by Group-IB, the most-fake phishing copies have the popular wallet MyEtherWallet for storing ether.